This is not my experience. We are currently running 7.0.10 in any case. I will give an example. Rule Source: Trust Zone, Specified Addresses, and Trusted User --> Destination: Untrust Zone, Any Address, Application http-video (plus other apps), Application default | Allow, with security profile enable as well. 1. User browses to a news website www.stuff.co.nz and tries to view an article with a video embedded. 2. The video uses the application http-video (Applipedia says port 80 only) but the provider of the video uses https for the link to the video which puts it on port 443. 3. The Palo alto firewall decryptes the traffic and recognises the application as http-video but the port that it is using is 443. 4. The firewall then blocks the application because the port is not the application default as its expecting port 80. Given I would prefer to decrypt this sort of traffic as otherwise it just shows as SSL rather than http-video, how would I fix this without creating new rules for each application I have this issue with?
... View more