For details on cookie usage on our site, read our Privacy Policy
unknown-tcp / udp - please explain
- LIVEcommunity
- Discussions
- General Topics
- unknown-tcp / udp - please explain
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Printer Friendly Page
- Mark as New
- Subscribe to RSS Feed
- Permalink
05-17-2013 01:58 PM
Hi,
I know that these two applications stand for unrecognized traffic. It worries me though that for some of the other applications to work, I have to add unknown-tcp/udp to the firewall rule. Example for this would be Bittorrent traffic. To allow Bittorrent, I also have to allow web-browsing and unknown-tcp and unknown-udp.
Can someone please elaborate on this? If I only want to allow Bittorrent, but also add web-browsing and unknown-tcp, I will open up the firewall for unwanted traffic. I really have a hard time understand this concept.
Thanks
- Labels:
-
App-ID
-
Configuration
- Mark as New
- Subscribe to RSS Feed
- Permalink
05-19-2013 06:26 PM
Wow nice thread there 
I love that kind of candid, to the point feedback
- Mark as New
- Subscribe to RSS Feed
- Permalink
05-20-2013 03:03 AM
I was really upset when I wrote that thread and I might have become too rude throughout the discussion, but I've had it with Juniper back then. Their NSM caused so much trouble it was unbelievable. Unfortunately, the same still holds true today. I just had a major crash on NSM two weeks ago from a failed DMI schema update. I love the SRX for it's concept and the beauty of Junos, but NSM is destroying that platform for me and a lot of my customers.
Anyways. This probably doesn't belong here.
- Mark as New
- Subscribe to RSS Feed
- Permalink
05-20-2013 06:12 AM
Hey man, no need to apologize, sometimes my passion bubbles a little too close to the surface too
- Mark as New
- Subscribe to RSS Feed
- Permalink
05-20-2013 06:39 AM
Back on topic... this is what my PA-500 just threw at me for the 'share-p2p' App-ID on PANOS 4.1.12:
VSYS1vsys1: Rule 'Allow all with threat' application dependency warning:
Application 'share-p2p' requires 'unknown-tcp' be allowed
(Module: device)
Configuration committed successfully
So yes, the original poster (cryptochrome) was correct in saying that for certain App-IDs, 'unknown-tcp' needs to be turned on. And I completely agree with him that "that's messed up" - I have to turn on 'unknown-tcp' for certain App-IDs to work? Say what?
- Mark as New
- Subscribe to RSS Feed
- Permalink
05-20-2013 07:10 AM
Yep. That's what worries me too. In PanOS 5.0 these dependencies are automatically resolved (so you actually never see what the firewall is really opening up). says that it will never be unknown-tcp that would be resolved, but why did 4.x need unknown-tcp and 5.0 does not? Where is this documented? I find this really scary.
- Where are my XDR logs stored? in Endpoint (Traps) Discussions
- difference between NAT Pre Rules and Post Rules in General Topics
- Cortex XDR service getting stoppage on machines in Cortex XDR Discussions
- Artifacts Query in Cortex XDR Discussions
- Cortex XDR service getting stopped in Cortex XDR Discussions
Show your appreciation!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
