@michaelmertens,

The answers you seek can be found under the Objects tab under Applications or via Palo Alto's Applipedia.

ms-ds-smb = This is an app container for smb-base, smbv1, smbv2, smbv3. 

ms-ds-smb-base: Think of this as a building block that will almost always need to be allowed. This essentially gives the firewall something to identify before we're able to tell what version of smb is being utilized. 

 

If you simply define the service, you're going to run the risk that something else will be tunneled/used over that port, and while the firewall will identify the true application being used, it won't block the communication from taking place. Defining an application where possible is always going to be preferred.

 

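As an added example (not part of the original post and not Palo Alto tooling): a small Python audit that reads PAN-OS set-format security rules and flags allow rules that match on a service port with application `any`, the case the answer above warns about. The rule names, zones and the `tcp-445` service object are constructed sample data, and the script assumes local-firewall set-command syntax.

```python
# Added example: audit PAN-OS "set"-format security rules for port-only allows.
# Rule names, zones and the tcp-445 service object are constructed for illustration.
import shlex
from collections import defaultdict

SAMPLE_CONFIG = """\
set service tcp-445 protocol tcp port 445
set rulebase security rules smb-by-port from trust to servers source any destination any
set rulebase security rules smb-by-port application any service tcp-445 action allow
set rulebase security rules smb-by-app from trust to servers source any destination any
set rulebase security rules smb-by-app application ms-ds-smb service application-default action allow
set rulebase security rules "file and web" application [ ms-ds-smb ssl ] service application-default action allow
"""

PREFIX = ["set", "rulebase", "security", "rules"]

def parse_rules(text):
    """Merge the key/value pairs of every security-rule line into one dict per rule."""
    rules = defaultdict(dict)
    for line in text.splitlines():
        tokens = shlex.split(line)  # keeps quoted rule names as a single token
        if tokens[:4] != PREFIX or len(tokens) < 5:
            continue  # not a security rule (e.g. the service object definition)
        name, rest = tokens[4], tokens[5:]
        i = 0
        while i < len(rest) - 1:
            key = rest[i]
            if rest[i + 1] == "[":  # multi-value member list: [ a b c ]
                end = rest.index("]", i + 1)
                rules[name][key] = rest[i + 2:end]
                i = end + 1
            else:
                rules[name][key] = [rest[i + 1]]
                i += 2
    return dict(rules)

def port_only_allows(rules):
    """Return (rule, services) for allow rules that set a service but leave application as any."""
    findings = []
    for name, rule in rules.items():
        if rule.get("action") == ["allow"] and rule.get("application") == ["any"]:
            findings.append((name, rule.get("service", ["any"])))
    return findings

if __name__ == "__main__":
    for name, services in port_only_allows(parse_rules(SAMPLE_CONFIG)):
        print(f"{name}: application any on service {services}; any protocol on that port is allowed")
```

Only `smb-by-port` is reported; the two rules that name an application with `application-default` as the service are not.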