Cyber Elite

Hi @jorgenfrejso ,

 

You probably have your service in your security policy rules set to application-default.  With any protocol that runs over TLS (LDAPS, NNTP, etc.), the protocol is encapsulated within TLS.  Without decryption, the NGFW only sees TLS.  The default port for the App-ID "ssl" is 443, and that is the only port on which TLS will be allowed to pass through the NGFW if the service is set to application-default.

 

You can do a quick test.  Change the service to any and see if it works.

 

If you enable logging on the interzone-default rule, you should see the traffic hit that rule under Monitor > Logs > Traffic.  Just like the other firewalls you have experience with, if it hits the default drop then it didn't match any rules.

 

Note:  Monitor > Logs > Traffic only shows sessions that have ended if you have Log at Session End configured for your rules, which is the best practice.  Active sessions are found under Monitor > Session Browser.  If you do not have any logging configured for rules, they will not show up under the Monitor tab.

 

Thanks,

 

Tom

Help the community: Like helpful comments and mark solutions.
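Added example, not part of Tom's reply or Palo Alto's code: a toy model of how a rule whose service is application-default evaluates undecrypted LDAPS. The App-ID "ssl" defaulting to tcp/443 is from the post above; the other entries in the default-port table, the rule names and the explicit tcp/636 service object are assumptions for illustration.

```python
from dataclasses import dataclass

# Assumed App-ID default ports for this toy model. Only "ssl" -> tcp/443 is stated in the post.
APP_DEFAULT_PORTS = {
    "ssl": {("tcp", 443)},
    "ldap": {("tcp", 389), ("udp", 389)},
}

@dataclass
class Rule:
    name: str
    apps: set       # {"any"} or a set of App-IDs
    service: set    # {"application-default"}, {"any"} or a set of (proto, port) tuples
    action: str

@dataclass
class Flow:
    app: str        # App-ID the NGFW identified the session as
    proto: str
    dport: int

def app_matches(rule: Rule, flow: Flow) -> bool:
    return "any" in rule.apps or flow.app in rule.apps

def service_matches(rule: Rule, flow: Flow) -> bool:
    if "any" in rule.service:
        return True
    if "application-default" in rule.service:
        # Only the identified app's own default ports qualify.
        return (flow.proto, flow.dport) in APP_DEFAULT_PORTS.get(flow.app, set())
    return (flow.proto, flow.dport) in rule.service

# The implicit catch-all that drops anything no explicit rule matched.
INTERZONE_DEFAULT = Rule("interzone-default", {"any"}, {"any"}, "deny")

def evaluate(rules: list, flow: Flow) -> Rule:
    """Return the first rule that matches the flow, else interzone-default."""
    for rule in rules:
        if app_matches(rule, flow) and service_matches(rule, flow):
            return rule
    return INTERZONE_DEFAULT

# Constructed flow: without decryption, LDAPS on tcp/636 is seen only as App-ID "ssl".
LDAPS_UNDECRYPTED = Flow(app="ssl", proto="tcp", dport=636)

def demo() -> tuple:
    app_default = [Rule("allow-ldap", {"ldap", "ssl"}, {"application-default"}, "allow")]
    explicit_port = [Rule("allow-ldaps", {"ssl"}, {("tcp", 636)}, "allow")]
    return (evaluate(app_default, LDAPS_UNDECRYPTED).name,
            evaluate(explicit_port, LDAPS_UNDECRYPTED).name)
```

The first policy sends the session to interzone-default because tcp/636 is not a default port for "ssl"; pinning the service to the expected port (rather than leaving it at any after the test) keeps the rule tight while still matching.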
