Who Me Too'd this topic

Who Me Too'd this topic

L0 Member

Implicit Applications with cotp/ms-rdp in security policies

Hello everyone,

 

Been testing some PA firewall functionality and noticed that ms-rdp has the implicit use of "cotp" defined, but the cotp application matches to a rule further down the policy list. When I review the logs, it looks like this

 

PAFWRDPCOTP.PNG

Am I misunderstanding having cotp as implicitly allowed by the ms-rdp application? Not sure why ms-rdp is allowed as part of the Test-RDP rule but then cotp drops down to a policy further in the list.

 

I could add the cotp application to the Test-RDP rule, but shouldn't Test-RDP be where cotp is getting caught already?

 

Thanks!

Who Me Too'd this topic