08-30-2018 05:20 AM
Hey ,
i just wondered why in the era that all web traffic is moving forward beeing encrypted and browsers like chrome will soon mark websites that uses HTTP protocol as "unsage" paloalto "web-browsing" application still uses in it's default ports only tcp/80 port and not also tcp/443 port?
thanks
08-30-2018 06:42 AM
Hello,
I also get caught out by this at times. However, and I could be wrong, PAN tries to use the RFC standards. Since http is default port 80, that is what they default to.
I kind of like the granularity that the default apps bring to the table. It allows me more control over the packets that are traversing my PAN's.
Regards,
08-30-2018 06:45 AM
Hello,
That said, you can create your own apps or an override that will allow web-browsing over other ports.
Regards,
08-30-2018 06:50 AM
not sure this is the answer because once you are decrypted you reveal the real application.. and all the other application i have notcied in paloalto has port 443.. and even facebook has 80 & 443
08-30-2018 06:58 AM
Hello,
That is correct. However the PAN layer 7 application detection does more than just look at the ports in use. Hence the reason it can detect Facebook and SSL over ports 443.
Regards,
08-30-2018 07:12 AM
the basic reason for the "default ports" from my knowledge is for the use in the service column.
basicly even though paloalto is a Layer7 fw.. it is still a layer4 fw so when you use the "application-defaults" in the service feild on the rulebase this is what it is based on..
this just makes you create a seperate rule for web-browsing on port 443 in the rulebase since you wouldnt want to put only port 80 and 443 on the rule that all your network traffic hit on.. this will make you configure each and every port an application uses on that rule. or create aditional rule for all those application that dont use ports 80 and 443.
another beuti of the "application-defaults" is that it works as you ceates a seperate rule for each application with it's default ports. for example
- application A with port 8080
- application B with port 443
if application B will use port 8080 it wont hit this rule..
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
