Web-browsing application being identified instead of SSL on port 443.


L1 Bithead

We just noticed that in our traffic logs there is traffic with the web-browsing application identified with a destination port of 443. The rule it is hitting is only a port-based rule with 80 and 443 as destination ports.

My question is why would the traffic match the signature of web-browsing since the standard port in the App is 80? Is it because we are not enforcing application-default in a firewall rule, so the traffic is identified by the signature regardless of port?

L4 Transporter

You are right; switch the ACL to use application-default and it will stop passing traffic.

L7 Applicator

Unless you have SSL decryption enabled, which could identify web-browsing inside SSL, it is possible there is unencrypted HTTP using port 443. Because the ports are set manually, application defaults are not being enforced and the sessions are allowed to pass.

Enabling application-default will block these connections.

Tom Piens - PANgurus.com
New to PAN-OS or getting ready to take the PCNSE? Check out amazon.com/dp/1789956374
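The difference the reply above describes, between a rule whose service is a fixed list of ports and one whose service is application-default, is easy to see on a few constructed traffic-log entries. The following Python model is an added example and is not code from the thread or from Palo Alto Networks: the App-ID default-port table (web-browsing on tcp/80, ssl on tcp/443) is an assumption for illustration only, and the model covers the undecrypted case only, where App-ID sees plain HTTP on port 443.

```python
# Added example (not from the thread or from Palo Alto Networks): a minimal model
# of how service=application-default changes which sessions a rule allows,
# compared with a rule that lists ports manually.
from dataclasses import dataclass

# ASSUMED App-ID default ports for illustration; consult Applipedia for the
# real values of any application before relying on them.
APP_DEFAULT_PORTS = {
    "web-browsing": frozenset({("tcp", 80)}),
    "ssl": frozenset({("tcp", 443)}),
}


@dataclass(frozen=True)
class Session:
    src: str
    dst: str
    proto: str
    dport: int
    app: str  # what App-ID identified from the payload, regardless of port


@dataclass(frozen=True)
class Rule:
    name: str
    apps: frozenset  # allowed applications; {"any"} allows every application
    service: object  # "application-default" or a frozenset of (proto, port)


def rule_matches(rule, s):
    """Return True if the session is permitted by the rule."""
    if "any" not in rule.apps and s.app not in rule.apps:
        return False
    if rule.service == "application-default":
        # Only the app's own standard ports are permitted, so an app seen on
        # a non-standard port (web-browsing on 443) fails to match.
        return (s.proto, s.dport) in APP_DEFAULT_PORTS.get(s.app, frozenset())
    # Manual service: the port list is all that is checked.
    return (s.proto, s.dport) in rule.service


# Constructed traffic-log lines (simplified CSV): src,dst,proto,dport,app
SAMPLE_LOG = """\
10.1.1.5,203.0.113.10,tcp,80,web-browsing
10.1.1.5,203.0.113.10,tcp,443,ssl
10.1.1.7,203.0.113.22,tcp,443,web-browsing
10.1.1.9,203.0.113.40,tcp,8080,web-browsing
"""


def parse_log(text):
    sessions = []
    for line in text.splitlines():
        if not line.strip():
            continue
        src, dst, proto, dport, app = line.split(",")
        sessions.append(Session(src, dst, proto, int(dport), app))
    return sessions


# The original poster's rule: any application, ports 80 and 443 set manually.
PORT_RULE = Rule("allow-web-ports", frozenset({"any"}),
                 frozenset({("tcp", 80), ("tcp", 443)}))
# The suggested fix: name the applications and let their default ports apply.
APPDEF_RULE = Rule("allow-web-appdef", frozenset({"web-browsing", "ssl"}),
                   "application-default")


def allowed_by(rule, sessions):
    return [s for s in sessions if rule_matches(rule, s)]


def port_mismatch_sessions(sessions):
    """Sessions the port-based rule allows but application-default would deny:
    the App-ID/port mismatches that show up in the traffic log."""
    return [s for s in allowed_by(PORT_RULE, sessions)
            if not rule_matches(APPDEF_RULE, s)]


if __name__ == "__main__":
    for s in port_mismatch_sessions(parse_log(SAMPLE_LOG)):
        print(f"{s.src} -> {s.dst}:{s.dport} app={s.app} allowed only by port")
```

Running it lists the one constructed session that is plain web-browsing on port 443: the port-based rule passes it because 443 is in its service list, while the application-default rule rejects it because tcp/443 is not a default port of web-browsing. That set is also a useful thing to hunt for in real traffic logs before switching a rule over, since it is exactly the traffic that will start being denied.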
L2 Linker

So reaper, in that case, if SSL decryption is enabled and is identifying web-browsing over 443, I have to allow this behaviour in the security policy, and I don't think it is the best solution.

For example, I am allowing and decrypting a sports-category website which shows as decrypted, but the session is allowed over port 443 for web-browsing due to a loose policy allowing any app over port 80/443. This is not an ideal solution with decryption turned ON.
