05-31-2021 08:53 AM
We have created a VPN to Trust rule for just FTP and SSH Service for server in which we have Allowed only those services with application any. But the some of the traffic is passing with the some random service port with the same rule with application ftp which is not mention in security policy. Any Idea why is this happening.
05-31-2021 09:20 AM
Hi @MPESDC
This is a special case for the application ftp. In an initial ftp connection the actual data transfer port is sent in the payload of the controlconnection. The firewall reads this and opens the additional port dynamically. This is at least the explanation for this behaviour so far.
I see it here probably as you do. If you have specified exactly one port, the firewall should not allow dynamically another one - even if this breaks the ftp connection. In this situation I recommend to open a TAC case for either finaly clarification or informing them about this behaviour.
05-31-2021 12:31 PM
You may check this article and your app configuration and you can you use app overide to not only to allow passive FTP but lso to block it:
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClFeCAK
06-01-2021 11:29 AM
Hello,
As a best practice, I would recommend you use the Application rather than the port.
Regards,
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
