For details on cookie usage on our site, read our Privacy Policy
unknown-tcp and web application
- LIVEcommunity
- Discussions
- General Topics
- Re: unknown-tcp and web application
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Printer Friendly Page
- Mark as New
- Subscribe to RSS Feed
- Permalink
11-07-2016 12:27 AM
Hello Experts
Just want to know,
1- If PA can not identify the web application then it will classify it as SSL/Web-browsing or unknown-tcp?
2- unknown-tcp and unkown-udp is only for client/server application?
Regards,
GR
- Mark as New
- Subscribe to RSS Feed
- Permalink
11-07-2016 12:04 PM - edited 11-07-2016 12:12 PM
Thank for reply. Again sorry for my ignorance but want to ask:
1- In genral if I allow only web-browsing and SSL in security policy (assuming doing the SSL decryption) and PA identify the deepr application like fb-chat then in this case the access to that deeper application will be blocked? In short allowing web-browsing and SSL only, will not allow all web-applications?
2- Coming to proxy question, how I can know all the web applicaitons on internet, user will browse on internet and allow in policy?I just want allow all web-browsing and SSL from proxy to internet. What can I do?
- Mark as New
- Subscribe to RSS Feed
- Permalink
11-07-2016 11:10 PM
1. Yes
2. Work with app categories or application filters as they are called. Or allow port 80 and 443 and only block selcted apps and/or categories.
- Mark as New
- Subscribe to RSS Feed
- Permalink
11-09-2016 04:18 AM
@santonic Just one question, if I am not doing SSL decryption on PA, then all internet web-browsing would be boils down to SSL and web-browsing applications? So in security policy if I allow only web-browsing and SSL applications for bluecoat to internet traffic (browsing) then it would be fine right?
- Mark as New
- Subscribe to RSS Feed
- Permalink
11-09-2016 04:45 AM
Nope.
On http traffic you will have a lot of applications always as it's not encrypted.
On https traffic most of sessions will be recognised only as SSL without decryption. But in same cases (like for example TeamViewer where destination for CONNECT command is always something like *.teamviewer.com) specific application will be recognised even without decryption.
- Can Applications be filtered in some way in Cortex XDR report? in General Topics
- Outlook stops syncing with Cortex XDR enabled in Cortex XDR Discussions
- Custom PAN-OS Metrics Published for Monitoring in VM-Series in the Public Cloud
- Unable to create a support account in Next-Generation Firewall Discussions
- URL DB Version in Prisma in Prisma Cloud Discussions
Show your appreciation!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
