09-26-2024 08:22 PM
Hi team,
We facing issue with PA firewall that, traffic from browser or application categorized to ICMP related and match to ping enabled rule in mass.
Due to this, return traffic of the TCP session drops and application communication interrupts intermittently.
Based on our findings, the rule "Rule ID 26" which applications are set with "icmp, ping and traceroute" only in that rule.
Hence, it should not suppose to be seen as 443 by right.
Need your advice why 443 is seen under Rule ID 26 in traffic log, please?
<entry name="Rule ID 26" uuid="b57d11eb-2f12-4042-a58f-57e2351c062e">
<profile-setting>
<group>
<member>SecProfile_Outbound</member>
</group>
</profile-setting>
<from>
<member>DMZ</member>
</from>
<to>
<member>Untrust</member>
</to>
<source>
<member>any</member>
</source>
<destination>
<member>any</member>
</destination>
<source-user>
<member>any</member>
</source-user>
<category>
<member>any</member>
</category>
<application>
<member>icmp</member>
<member>ping</member>
<member>traceroute</member>
</application>
<service>
<member>any</member>
</service>
<action>allow</action>
Appreciate your clarification.
09-26-2024 08:32 PM
Change the service from any to Application default in the rule id 26. That's the reason the incomplete application For port 443 is matching with that policy. Still it will allow all the icmp based applications mentioned in the rule.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
