Hello all, Looking for more information on these two applications if anyone can assist. We're deploying firewalls as an MSSP and some of the traffic we're seeing hit application-based policies doesn't seem to make sense. Some of the examples we've seen are; t.120 hitting 21/22 yelp-base hitting 80/443 twitter-base hitting 21/22, 80, 443 We aren't doing decryption on the web traffic, but some of the applications coming across seem rather strange. The IPs hitting these are a mix of threat IPs and clean ones. The most I could think of for yelp-base and twitter-base is that possibly the web site has some integration with those sites, but then I still have the issue with t.120 where the applipedia definition for it is rather vague. Any recommendations or help is appreciated!
... View more
Hello everyone, Been testing some PA firewall functionality and noticed that ms-rdp has the implicit use of "cotp" defined, but the cotp application matches to a rule further down the policy list. When I review the logs, it looks like this Am I misunderstanding having cotp as implicitly allowed by the ms-rdp application? Not sure why ms-rdp is allowed as part of the Test-RDP rule but then cotp drops down to a policy further in the list. I could add the cotp application to the Test-RDP rule, but shouldn't Test-RDP be where cotp is getting caught already? Thanks!
... View more