10-13-2016 11:27 AM
We just noticed that in our traffic logs there is traffic with the web-browsing application identified with a destination port of 443. The rule it is hitting on is only a port based rule with 80 and 443 as dest ports.
My question is why would the traffic match the signature of web-browsing since the standard port in the App is 80? Is it because we are not enforcing application-default at a firewall rule so the traffic is identified by the signature reguardless of port?
10-13-2016 01:28 PM
you are right, switch ACL to use application-default and it will stop passing traffic.
10-14-2016 12:08 AM
Unless you have ssl decryption enabled which could identify web-browsing inside ssl, it is possible there is unencrypted http using port 443. Due to the ports being set manually, application defaults are not being enforced and the sessions are allowed to pass
Enabling application default will block these connections
08-06-2018 01:41 PM
So reaper in that case if SSL Decryption is enabled which is identifying web-browsing over 443, I have to allow this behaviour in security policy & I don't think it is a best solution.
For e.g. I am allowing & decrypting a sports category website which is showing decrypted but sesion allowed over port 443 for web-browsing due to loose policy allowing any app over port 80/443. This in not ideal solution with Decryption tured ON.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
