04-06-2021 01:51 AM
I'm new to Palo so hope you guys can help me understand something.
We have two almost identical security policies that allow traffic via ports tcp/443 and 80. The first policy uses App IDs, ssl and web-browsing. The second policy uses services tcp/443, 80. My expectation is that the second policy should never be hit since ports 443 and 80 are allowed by the first policy, but this is not the case. Both policies receive a lot of hits on port 443.
My question is, why is the first policy bypassed for tcp/443 traffic?
04-07-2021 04:29 PM
It looks like we would have to leave the two rules active as they are. I've checked the applications that are detected by the service port rule and there are just too many. This rule is for general user web traffic so can't be too restrictive.