When does the "Apps Seen" tab under Security Policies show a warning for non-standard ports?
Created On 05/25/23 14:16 PM - Last Modified 06/06/23 13:59 PM
Question
Environment
- Palo Alto Firewall or Panorama
- Any PAN-OS version
- Security Policies allowing applications on non-standard ports
Answer
For the warning icon indicating that a "non-standard port" is being used to appear, all of the following conditions must be true:
- The application definition in PAN-OS must have ports defined. Refer to the documentation on how to find the default ports an application uses.
- Specific ports or port ranges are configured in Service for the rule. If Service is set to any in the matched policy, the rule does not qualify.
- The configured port(s) do not match the ports defined in the default application definition.
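The three conditions can be checked offline against a rule list, as in this added example, which is not Palo Alto Networks code. The data layout, rule names and application names are constructed, port specs are assumed to be numeric, and "do not match" is assumed to mean that at least one configured port falls outside the application's default ports.

```python
# Constructed sample data; field names are assumptions, not a PAN-OS export format.
APP_DEFAULT_PORTS = {
    "app-with-ports": ["tcp/443", "tcp/8443"],
    "app-without-ports": [],  # application definition has no ports defined
}
RULES = [
    {"name": "rule-any", "app": "app-with-ports", "service": "any"},
    {"name": "rule-default-port", "app": "app-with-ports", "service": ["tcp/443"]},
    {"name": "rule-odd-port", "app": "app-with-ports", "service": ["tcp/9000-9010"]},
    {"name": "rule-no-app-ports", "app": "app-without-ports", "service": ["tcp/9000"]},
]


def expand(specs):
    """Expand specs such as 'tcp/80,443' or 'tcp/9000-9010' into (proto, port) pairs."""
    pairs = set()
    for spec in specs:
        proto, _, ports = spec.partition("/")
        for part in ports.split(","):
            low, _, high = part.strip().partition("-")
            pairs.update((proto, p) for p in range(int(low), int(high or low) + 1))
    return pairs


def warns(rule, app_ports=APP_DEFAULT_PORTS):
    """Return True only when all three conditions from the list above hold."""
    defaults = app_ports.get(rule["app"], [])
    if not defaults:                # condition 1: application has default ports defined
        return False
    service = rule["service"]
    if service == "any" or not service:   # condition 2: specific ports configured
        return False
    # condition 3 (assumed meaning): some configured port is not a default port
    return not expand(service) <= expand(defaults)


def audit(rules):
    """Map each rule name to whether the non-standard port warning is expected."""
    return {rule["name"]: warns(rule) for rule in rules}


if __name__ == "__main__":
    for name, flagged in audit(RULES).items():
        print(f"{name}: {'warning' if flagged else 'no warning'}")
```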
Additional Information
The three conditions above need to be met in order to have the warning icon visible.
Below is an example. In this scenario there are two policies:
Apps seen for "Trust_To_Servers-1-1":
Apps seen for "Trust_To_Servers-1-2":
In the last screenshot for policy "Trust_To_Servers-1-2", the warning is seen because the three required conditions are met.
For information regarding the "Apps Seen" tab, refer to the document below:
https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-web-interface-help/policies/policies-security/applications-and-usage