Hi guys,

I'm trying to set up SSL VPN on PAN. I would like to know which security policies are necessary to make the portal work. My actual rule is:

Source Zone: untrust
Destination Zone: untrust
Source Address: any
Source User: any
Destination Address: public ip
Application: ssl, ipsec, panos-web-interface, web-browsing
Service: application-default

If I use "any" as service, the portal is shown, I can log in and the tunnel works, but using the above rule the portal doesn't work. Inspecting the log, I can see that traffic is denied by the default block rule:

deny untrust untrust addr.src addr.dst 22735 443 addr.src.nat addr.dst.nat 22735 20077 tcp web-browsing deny default_block

Addr.src = addr.src.nat
Addr.dst = addr.dst.nat

Somehow port 443 is mapped by some kind of NAT to port 20077, so I suppose that I have to open it. Which port range should be opened?

Thanks!