For details on cookie usage on our site, read our Privacy Policy
Rule to block TOR Application blocks all traffic directed to Internet
- LIVEcommunity
- Discussions
- General Topics
- Re: Rule to block TOR Application blocks all traffic directed to Internet
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Printer Friendly Page
Rule to block TOR Application blocks all traffic directed to Internet
- Mark as New
- Subscribe to RSS Feed
- Permalink
05-19-2016 05:32 AM
Hello Community,
we have an issue when we try to block TOR application. We do a rule like the image reported below and put it on top of the rulebase:
But it seems that all Internet traffic is dropped by the rule named "Tor_Blocking".
We see the Application is "Not-Applicable" on all log files. It seems PaloAlto cannot resolve properly the Applications involved.
At the moment we are not using SSL Decryption and we have PANOS 7.0.6 and Application Version 584-3342 on a cluster of PA-5060 appliances.
Do you have any idea to resolve this issue?
Let me know if you need any other information.
Thanks in advance.
Jacopo
- Mark as New
- Subscribe to RSS Feed
- Permalink
05-19-2016 05:44 AM
Hi,
Not-applicable
Not-applicable means that the Palo Alto device has received data that will be discarded because the port or service that the traffic is coming in on is not allowed, or there is no rule or policy allowing that port or service.
For example, if there was only one rule on the Palo Alto device and that rule allowed the application of web-browsing only on port/service 80, and traffic (web-browsing or any other application) is sent to the Palo Alto device on any other port/service besides 80, then the traffic is discarded or dropped and you'll see sessions with "not-applicable" in the application field.
Thnaks
- Mark as New
- Subscribe to RSS Feed
- Permalink
05-19-2016 06:49 AM
Destination port in this case is 5671. Do you have any rule which would allow this port?
One explanation would be that it doesn't even start recognising app if this port is not allowed by any rule. Still unusual that it drops it with TOR rule, it should be by some default drop rule at the end.
But if this rule blocks http traffic on standard port as well and you have TCP 80 open somewhere (either by service or with web-browsing app) then it's very weird and wrong.
- Mark as New
- Subscribe to RSS Feed
- Permalink
05-19-2016 07:32 AM
Hmm. I didn't read the question properly. I thought it just drops the TOR application. Can you create a rule any any and see if firewall will be able to determine application you are using. generate web or dns request to outside
- Mark as New
- Subscribe to RSS Feed
- Permalink
05-20-2016 06:19 AM
Hi All,
if I disable the "Tor_blocking" Rule, the application is identify correctly by other rules specified on the rule base and the traffic is accepted and goes to untrust zone.
Thanks.
Jacopo
- Traffic getting hits on non-allowed URLs in General Topics
- Cannot ping interface, IP or defaul gateway from PA 500 to Cisco switch in General Topics
- Block All Internet Web-Browsing But Allow MS_UPDATES in Panorama Discussions
- Outlook web excessive bandwidth usage in Next-Generation Firewall Discussions
- Application incomplete or insufficient-data when using NNTPS in Next-Generation Firewall Discussions
Show your appreciation!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
