paloalto-panorama App-ID missing?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

paloalto-panorama App-ID missing?

L4 Transporter

Does anyone else find it strange that there's no 'paloalto-panorama' App-ID? There are paloalto-updates, paloalto-userid-agent and paloalto-wildfire-cloud App-IDs, but not one specifically for Panorama? (ssl on port 3978 essentially)

3 REPLIES 3

L6 Presenter

According to applipedia panorama is gone (or never existed for the past year or so at least according to the release notes archive im digging through in my inbox) but instead gives hits for "panos-web-interface"...

Searching for releasenotes it seems that panos-web-interface has been around for some time:

2012-08-15 Version 323:

Modified Applications

Risk Name Category Subcategory Technology Depends on

1 panos-web-interface business-systems management browser-based web-browsing

2012-08-29 Version 326:

Risk Name Category Subcategory Technology Depends on

1 panos-web-interface business-systems management browser-based web-browsing

My PA200 hits on Panorama on the 'ssl' App-ID... I currently have an 'any app ID and service' rule in place, and that's the App-ID it seems to be hitting.

Also I checked panos-web-interface and I don't see port tcp/3978 in the list of ports rolled into the App-ID. All I see in panos-web-interface are tcp 80 and 443

I guess the proper way is then to use appid:ssl service:TCP3978 along with proper src/dstip until PA releases a dedicated appid for Panorama.

On the other hand I wonder if thats even possible because Panorama do use SSL and unless you decrypt the stream the PA wont be able to look inside the SSL (well CN of the cert can be looked at but that doesnt help regarding Panorama). And I dont know if that would be such a good idea to automatically identify any SSL going over TCP3978 as "Panorama".

  • 2538 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!