Hey, @BPry, thanks for responding. So this traffic is going from a trusted zone to another trusted zone. When we migrated from one firewall to the PA, we didn't want to inhibit this traffic (some is user support, some is server support, other is server-to-server service communications, etc.), so we added what is essentially a "trust to trust any" policy. We are now in the process of refining things and bringing them more into line with the capabilities of an NGFW (e.g. app ID, decryption inspection) and also cleaning up overly broad policies such as the "trust to trust any" policy. This is part of the process of removing that policy, so eventually this deny policy I plan on creating can be removed, but in the interim I would like to block the offbeat traffic. I've learned my "do it all at once" lessons in the past and like to do the step-by-step approach these days.