11-13-2022 12:43 PM
Hi @jorgenfrejso,
You probably have your service in your security policy rules set to application-default. With any protocol that runs over TLS (LDAPS, NNTP, etc.), the protocol is encapsulated within TLS. Without decryption, the NGFW only sees TLS. The default port for the App-ID "ssl" is 443, and that is the only port that TLS will be allowed to pass through the NGFW if the service is set to application-default.
You can do a quick test. Change the service to any and see if it works.
If you enable logging on the interzone-default rule, you should see the traffic hit that rule under Monitor > Logs > Traffic. Just like the other firewalls you have experience with, if it hits the default drop then it didn't match any rules.
Note: Monitor > Logs > Traffic only shows sessions that have ended if you have Log at Session End configured for your rules, which is the best practice. Active sessions are found under Monitor > Session Browser. If you do not have any logging configured for rules, they will not show up under the Monitor tab.
Thanks,
Tom
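The behaviour Tom describes, shown as PAN-OS set-format CLI (an added example, not part of the post or of any Palo Alto documentation). The zone names trust/untrust, the rule name allow-ldaps and the address object dc01 are assumed; the command syntax is from memory of the PAN-OS CLI and should be checked against the running version before use.

```text
# As-is rule: matches the symptom in the thread. Without decryption the
# firewall identifies LDAPS only as App-ID "ssl", and application-default
# permits ssl on its default port (443) only, so LDAPS on tcp/636 never
# matches this rule and falls through to interzone-default.
set rulebase security rules allow-ldaps from trust to untrust source any destination dc01 application ssl service application-default action allow

# Corrected rule: a service object for the LDAPS port (tcp/636, the standard
# LDAPS port) replaces application-default. "service" cannot hold both
# application-default and a named service, so clear it before setting it.
set service tcp-636-ldaps protocol tcp port 636
delete rulebase security rules allow-ldaps service
set rulebase security rules allow-ldaps service tcp-636-ldaps

# The check Tom suggests: log at session end on the default interzone rule so
# sessions dropped there appear under Monitor > Logs > Traffic.
set rulebase default-security-rules rules interzone-default log-end yes
```

Setting the service to any, as the post suggests for a quick test, confirms the diagnosis, but the service object keeps the rule scoped to the one port LDAPS actually uses.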