https://community.checkpoint.com/t5/Firewall-and-Security-Management/Application-Matching/m-p/251374#M49227 <P>Can you check here if everything is default and TCP 3323 has not been added?</P> <DIV id="tinyMceEditor_647b6a55759734Lesley_0" class="mceNonEditable lia-copypaste-placeholder">&nbsp;</DIV> <DIV id="tinyMceEditor_647b6a55759734Lesley_1" class="mceNonEditable lia-copypaste-placeholder">&nbsp;</DIV> <DIV id="tinyMceEditor_647b6a55759734Lesley_2" class="mceNonEditable lia-copypaste-placeholder">&nbsp;</DIV> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="test.jpg" style="width: 400px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/30773i750F617F8A9457C1/image-size/medium?v=v2&amp;px=400" role="button" title="test.jpg" alt="test.jpg" /></span></P> <P> </P> <P>&nbsp;</P> Mon, 16 Jun 2025 19:41:40 GMT Lesley 2025-06-16T19:41:40Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Application-Matching/m-p/251350#M49225 <P>Hello everyone, may I ask a question? The default port for my SQL application is 3306. Due to business irregularities, the user uses port 3323 for my SQL application. Therefore, an inline layer policy has been added. When the parent policy 1 sets the service to specific port 3323 and the service/application in sub policy 1.1 to any, does the application in sub policy match traffic based on port or signature? That is, when matching the corresponding application in sub policy 1.1, the relationship between port and signature is either or:</P><P>reference resources: <A href="https://sc1.checkpoint.com/documents/R82/WebAdminGuides/EN/CP_R82_SecurityManagement_AdminGuide/Content/Topics-SECMG/The-Columns-of-the-Access-Control-Rule-Base.htm" target="_blank">https://sc1.checkpoint.com/documents/R82/WebAdminGuides/EN/CP_R82_SecurityManagement_AdminGuide/Content/Topics-SECMG/The-Columns-of-the-Access-Control-Rule-Base.htm</A></P><P>According to the prompts inside, port and signature seem to have a strong binding relationship, which means that port and signature need to correspond.</P><P>However, after testing, it was found that when connecting to the My SQL database on port 3323 (non-standard port 3306), it can also log in normally and be recognized by the application control. Please help to clarify this. Thank you!</P><P>Please help to guide me, thank you!<span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="微信图片_20250616212938.png" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/30769iCCE8DF7E01378C8A/image-size/large?v=v2&amp;px=999" role="button" title="微信图片_20250616212938.png" alt="微信图片_20250616212938.png" /></span><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="11111.png" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/30770iCFA7119BA94A7C75/image-size/large?v=v2&amp;px=999" role="button" title="11111.png" alt="11111.png" /></span><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="policy.png" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/30771iB667FD245A74229F/image-size/large?v=v2&amp;px=999" role="button" title="policy.png" alt="policy.png" /></span></P> Mon, 16 Jun 2025 13:34:27 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Application-Matching/m-p/251350#M49225 yangxcg 2025-06-16T13:34:27Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Application-Matching/m-p/251371#M49226 <P>I had customer show me this before and we ended up opening TAC case and they did something on their end to fix it.</P> <P>Andy</P> Mon, 16 Jun 2025 18:58:54 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Application-Matching/m-p/251371#M49226 the_rock 2025-06-16T18:58:54Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Application-Matching/m-p/251374#M49227 <P>Can you check here if everything is default and TCP 3323 has not been added?</P> <DIV id="tinyMceEditor_647b6a55759734Lesley_0" class="mceNonEditable lia-copypaste-placeholder">&nbsp;</DIV> <DIV id="tinyMceEditor_647b6a55759734Lesley_1" class="mceNonEditable lia-copypaste-placeholder">&nbsp;</DIV> <DIV id="tinyMceEditor_647b6a55759734Lesley_2" class="mceNonEditable lia-copypaste-placeholder">&nbsp;</DIV> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="test.jpg" style="width: 400px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/30773i750F617F8A9457C1/image-size/medium?v=v2&amp;px=400" role="button" title="test.jpg" alt="test.jpg" /></span></P> <P> </P> <P>&nbsp;</P> Mon, 16 Jun 2025 19:41:40 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Application-Matching/m-p/251374#M49227 Lesley 2025-06-16T19:41:40Z