This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Webbrowsing on non-standard http ports....

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Webbrowsing on non-standard http ports....

Go to solution
smccall
Not applicable

‎08-28-2013 01:56 PM

What is the best way for me to implement a rule that allows http traffic over non standard ports?

Our security standards require that we use a feature similar to what is available in Checkpoint that allows us to lock the port down based on protocol. Ex: port 55000 is open and allowed assuming the traffic is http or https.

Any help would be appreciated.

0 Likes Likes
1 accepted solution

Accepted Solutions

Go to solution
sraghunandan
L5 Sessionator

‎08-28-2013 02:23 PM

I would suggest you to set the application as any and service port as the non-standard port that you use. Once the traffic traverses the firewall the application would show up and then you can modify the rule to incorporate it.

View solution in original post

0 Likes Likes
3 REPLIES 3

Go to solution
sjamaluddin
L4 Transporter

‎08-28-2013 02:22 PM

When creating security rules, in the Application section configure: Web Browsing but in the Service section refer to the ports you are interested in allowing.

You may have to create a custom service and allow these non standard ports and then call that custom service in the security rule (where it says service). That way when traffic is checked against the security rule, you'd have web browsing AND the port (allowed via service) and only if the two web browsing on that non standard port match, will the traffic be allowed

So e.g.  your service would look like

services.PNG.png

Where service-http goes to 80 and 8080

and the security policy would be:

security.PNG.png

Go to solution
sraghunandan
L5 Sessionator

‎08-28-2013 02:23 PM

I would suggest you to set the application as any and service port as the non-standard port that you use. Once the traffic traverses the firewall the application would show up and then you can modify the rule to incorporate it.

0 Likes Likes

Go to solution
smccall
Not applicable
In response to sjamaluddin

‎08-29-2013 07:21 AM

I goofed around a bit and figured this was the way to do it, but thank you very much for the response.

Nice to have someone confirm my thoughts.

0 Likes Likes
  • 1 accepted solution
  • 3945 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks