www server in DMZ - what aplication should me allowed?

Announcements

ATTENTION Customers, All Partners and Employees: The Customer Support Portal (CSP) will be undergoing maintenance and unavailable on Saturday, November 7, 2020, from 11 am to 11 pm PST. Please read our blog for more information.

Reply
Highlighted
L4 Transporter

Are You sure?

It's impossible to commit with aplication=any service=app-default.

Highlighted
L7 Applicator

Hello Slawek,

As you have mentioned your requirements is :

--------------------

web-browsing (tcp/80, tcp/443)

webdav (tcp/443, tcp/80)

ssh (tcp/22)

ftp (tcp/21, what about data stream?)

ping (icmp)

--------------------

It's seems all applications are working on their default port. Hence, you can apply above mentioned applications in a security policy, set service as application-default  and allow them ( please include SSL for TCP/443, as web-browsing will only allow TCP/80).

Thanks

Highlighted
L4 Transporter

I'm not sure that I understud You clearly.

Is my policy should be like:

2014-03-27_150824.png

This is that what I alredy had.

What about "TOP blocked user bahavior"?

With Regards

Slawek

Highlighted
L7 Applicator

Hello Slawek,

Yes, your policy configuration is looking good here. Could you please let me know, how did you generate that "TOP blocked user bahavior" report...?

Thanks

Highlighted
L4 Transporter

On my PA200 it is one of predefined reports:

2014-03-27_191635.png

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!