08-27-2018 12:24 PM
The answers you seek can be found under the Objects tab under Applications or via Palo Alto's applipedia .
ms-ds-smb = This is an app container for smb-base, smbv1, smbv2, smbv3.
ms-ds-smb-base: Think of this as a building block that will almost always need to be allowed. This essentially gives the firewall something to identify before we're able to tell what version of smb is being utilized.
If you simply define the service you're going to run the risk that something else will be tunneled/used over that port, and while the firewall will identify the true application being used it won't block the communication from taking place. Defining an application where possible is always going to be prefered.
