@G_W_Albrecht Thanks for your reply!

Actually I'm trying to make a different point, I'm not using the 8080 service inside the policy but somehow it is matching against an APP that uses 8080.

The service that I'm using in my policy is TCP 32000.

Hope you got my point!
========

WR,

FH

Can you try something like below?

Andy

I see no screenshots e.g. from rule base and logs that show your point !

@the_rock ,

When I create a policy to allow TCP 320000, why would the inspection module match it against an APP that uses 8080. Please help me on this.

====
WR,

FH

See the screenshot I attached in my last response, not sure if thats how you have it configured currently.

Andy

@the_rock , Yes you are right !

That is how the port is configured.

Can you tell me what is wrong in this?

========

WR,

FH

If you can send us the screenshot of the rule/logs, would help, for sure.

Andy

@the_rock  I'm sorry that I can't give you my prod rule/logs. 

I have replicated the same for your reference, PFA .

======

WR,

FH

Thats fair, no problem! Can we see what that tcp_30k looks like?

Andy

Can we do a remote ? @the_rock 

======
WR,

FH

I think everyone saw my messages about remote, haha. Thats okay, Im always happy to do my best to help. Not sure what time zone you are in, but Im in Canada EST, so its 9 am here, so I can do during my lunch, so say at 12 pm est, in 3 hours.

If that works, let me know and I can send you zoom link few mins before then.

Andy

How is the service itself defined ? You only show us a service group, not a service definition like:

@G_W_Albrecht 

PFA.

That looks right to me. Anyway, if you are still good for remote, just let me know, so I can arrange.

Andy

Let's do it , can you please let me know the exact timing so that I can be ready for it.

========

WR,

FH

Will send you zoom in direct message 5 mins before, so at 11.55 am EST (or 4.55 pm GMT), so 2 hours from now.

Andy

OK 👍

Awesome! Let me grab quick "lunch" now, so I dont have to eat while talking to you, haha 🙂

Talk soon mate.

Best,

Andy

Just sent you direct message with the link.

Andy

That was also my impression based on what I saw with the guys on the remote session, because the log showed the mentioned application with port 32501.

I still asked them to consider things I mentioned...

Andy

@the_rock , Thank you so much for spending your valuable time !

Will try out the steps you mentioned and update you.

==

WR

FH

Always happy to do my best to help mate. I dont need 1 hour for lunch like I did back in my 20s...now in my mid 40s, 20 mins is enough, haha.

Anyway, as I mentioned to you guys yesterday on zoom remote, if you have SPECIFIC scenario you want me to test in the lab, will do so. I also have R82 lab as well, but no host behind it, so makes way more sense to do it in R81.20 lab with windows 11 behind it, plus, it has ssl inspection on.

Andy

Hey @the_rock ,

We have a news for you, remember the net.TCP application which was getting matched against one of the rules ?

Now the same traffic is shown as "Unknown Traffic" .

Not sure what's happened here, can we check this ?

======

WR,

FH @Chinmaya_Naik 

O yes, I do remember that. So does the rule look like before?

Andy

NO changes done !

===

WR,

FH