services (http,https)

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

services (http,https)

L1 Bithead

Please excuse my ignorance, new to FW support and PAN.  What is the criteria for services, why is there only 2 http/https?

thx,

1 accepted solution

Accepted Solutions

L5 Sessionator

These are pre defined ones , you can navigate to objects-services and create new ones.

View solution in original post

10 REPLIES 10

L5 Sessionator

These are pre defined ones , you can navigate to objects-services and create new ones.

L4 Transporter

Services are used for anything that is not already defined as an application by Palo Alto. We have had to use them for many custom in house Apps. As sraghunandan said, http and https are defined by Palo Alto, and are used in NAT translation Rules.

An Application is the preferred method for defining a policy, as the application is defined by signatures, not just ports.

The inherent vice of capitalism is the unequal sharing of blessings; the inherent virtue of socialism is the equal sharing of miseries.

Service is simply what others call a port.

L4 Transporter

As mikand said, they are just ports, and the criteria that is probably best practice is only use them when you can't use an application.

The inherent vice of capitalism is the unequal sharing of blessings; the inherent virtue of socialism is the equal sharing of miseries.

Speaking of ports, what about srcport - how to define that in a security rule in PA?

You can define source ports under services.

Doh! there it was, thanks! Smiley Happy

Page 232 in the PA-5.0_Administrators_Guide.pdf (for further references).

Is it possible to have the srcport being used displayed in the security policy list?

No, like all columns in Security Poliy

you can only name it i a way that i logical for you.

Like:

Service-Name: SRC-1026-TCP-25

Destination Port TCP-25

Source Port: 1026

Cheers

Marco

hmm, I guess that will be a doable workaround - thanks again!

L1 Bithead

Thanks for the fast replys.

  • 1 accepted solution
  • 5124 Views
  • 10 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!