06-16-2020 05:51 PM
Hi All,
Due to a number of system administrators working from home, I have been asked to allow vCenter Server Appliance Web user interface HTTPS port 5480 through the firewall for administration over VPN (Global Protect).
Specifically port 5480. vCenter uses standard ports 80 and 443 and successfully navigates to the site.
I have been unable to trace the reason why the site cannot be reached and looking for suggestions as the palo is not showing any traffic in the logs (that i can find).
Steps I have done:
1. Created a new custom application object tcp\5480.
2. Applied the new custom app to the relevant security rule.
Wondering if anyone else has seen this behavior before?
Cheers,
Chris
06-17-2020 02:26 PM
Two things:
1) Have you enabled logging on the interzone-default security rulebase entry to actually get logs, or otherwise have a deny rule that would generate a log when this traffic isn't matching a security entry?
2) You say that you created a custom application. Did you test that the custom application signature is properly catching the traffic and it isn't being matched to ssl?
What I think is happening is that the custom application you created doesn't have a proper signature assigned and the traffic is being identified as ssl over tcp/5480, which wouldn't work if you have the service configured as application-default. Without having interzone-default set to log, or anything else that would capture and log traffic that doesn't match a security entry, you wouldn't have any logs to look at.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
