Policy, using App ID ssl, is bypassed in favor of service based policy

Showing results for 
Show  only  | Search instead for 
Did you mean: 

Policy, using App ID ssl, is bypassed in favor of service based policy

L1 Bithead

Hi All,


I'm new to Palo so hope you guys can help me understand something.


We have two almost identical security policies that allow traffic via ports tcp/443 and 80. The first policy uses App IDs, ssl and web-browsing. The second policy uses services tcp/443, 80. My expectation is that the second policy should never be hit since ports 443 and 80 are allowed by the first policy, but this is not the case. Both policies receive a lot of hits on port 443.


My question is, why is the first policy bypassed for tcp/443 traffic?




Thanks Nikolay.


It looks like we would have to leave the two rules active as they are. I've checked the applications that are detected by the service port rule and there are just too many. This rule is for general user web traffic so can't be too restrictive.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!