01-29-2020 03:22 PM
Hello all,
Looking for more information on these two applications if anyone can assist. We're deploying firewalls as an MSSP and some of the traffic we're seeing hit application-based policies doesn't seem to make sense. Some of the examples we've seen are;
t.120 hitting 21/22
yelp-base hitting 80/443
twitter-base hitting 21/22, 80, 443
We aren't doing decryption on the web traffic, but some of the applications coming across seem rather strange. The IPs hitting these are a mix of threat IPs and clean ones. The most I could think of for yelp-base and twitter-base is that possibly the web site has some integration with those sites, but then I still have the issue with t.120 where the applipedia definition for it is rather vague.
Any recommendations or help is appreciated!
01-30-2020 09:46 AM
Hello,
Some applications have dependencies. Check out this tool for the Palo Alto applications.
https://applipedia.paloaltonetworks.com/
Regards,
01-30-2020 03:08 PM
@OtakarKlierthe issue is with the Applipedia definitions of these and real traffic coming across. I don't believe this is an answer to the question.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
