application any and service application default in policy


L0 Member

I have an Internet policy that permits application "any" with service "application-default". I just discovered that we can no longer use Ookla Speedtest since turning on the "application-default" service.

 

Has anyone else experienced this and could you share how you resolved it?

 

Thanks.

Accepted Solutions

L7 Applicator

As far as I know, this speedtest uses TLS connections on port 8080. As the default port for the App ssl is 443, the firewall no longer allows these ssl connections from speedtest on port 8080.

To solve this issue, you would have to create a new security policy that allows ssl on port 8080 and, depending on your needs, restrict it to specific IPs of servers that are used for the speedtest.

@ChrisBrun,

Aside from what @Remo already mentioned, I'm assuming that you aren't doing outbound SSL-Decryption? If you were utilizing decryption, a lot of additional app-ids will be identified properly and you can utilize your above policy for the majority of things. For example, what you mention would have fallen under the 'speedtest' app-id and been allowed, as long as decryption was enabled.

If you aren't utilizing SSL-Decryption on your outbound traffic, app-id is only able to trigger off of what it can actually see in the traffic flow, making it essentially "best effort" identification.
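The behaviour both replies describe, as an added example that is not part of the thread and is not PAN-OS code: a simplified first-match model of "application-default" showing why ssl on tcp/8080 is dropped by the original rule, and how a narrow ssl/8080 rule limited to known servers restores it without opening port 8080 to every destination. The rule names, the documentation-range addresses and the speedtest port set are assumptions.

```python
from ipaddress import ip_address, ip_network

# Default ports per App-ID. ssl -> tcp/443 is stated in the thread; the
# speedtest entry is an assumption implied by the second reply.
APP_DEFAULT_PORTS = {"ssl": {443}, "speedtest": {80, 443, 8080}}

# Constructed, hypothetical rulebase. 203.0.113.0/28 (TEST-NET-3) stands in
# for the speedtest servers the exception rule is restricted to.
RULES = [
    {"name": "speedtest-ssl-8080", "apps": {"ssl"}, "ports": {8080},
     "dst": [ip_network("203.0.113.0/28")]},
    {"name": "internet-any-appdefault", "apps": "any",
     "ports": "application-default", "dst": [ip_network("0.0.0.0/0")]},
]


def rule_matches(rule, app, port, dst):
    """True if the identified app, destination port and destination IP fit the rule."""
    if rule["apps"] != "any" and app not in rule["apps"]:
        return False
    if not any(ip_address(dst) in net for net in rule["dst"]):
        return False
    if rule["ports"] == "application-default":
        # The port must be one of the identified application's own defaults.
        return port in APP_DEFAULT_PORTS.get(app, set())
    return port in rule["ports"]


def evaluate(rules, app, port, dst):
    """Return the name of the first matching allow rule, or 'deny' if none match."""
    for rule in rules:
        if rule_matches(rule, app, port, dst):
            return rule["name"]
    return "deny"


if __name__ == "__main__":
    original = RULES[1:]  # only the any/application-default rule
    # No decryption: the session is identified as ssl, on a non-default port.
    print(evaluate(original, "ssl", 8080, "203.0.113.5"))
    # With the narrow exception rule placed above it.
    print(evaluate(RULES, "ssl", 8080, "203.0.113.5"))
    # ssl on 8080 to any other destination is still denied.
    print(evaluate(RULES, "ssl", 8080, "198.51.100.7"))
    # With decryption the session is identified as speedtest instead.
    print(evaluate(original, "speedtest", 8080, "203.0.113.5"))
```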
