After installing a Palo Alto PA-220 with standard policies, there were several things that were broken. VOIP phone through Google Voice/OBi analogue - no audio on any call (STUN over port 19305) Speedtest.net find server and tests would not complete (SSL over port 8080) Our washer and drier were no longer sending notifications when laundry was done (SSL over 46030) External Plex server (SSL over port 32400) The offender was the default outbound policy to the internet/WAN. While the source/destination are any/any, the Service specified is application-default which basically means that if services are using non-standard ports they won't be allowed in this policy. There weren't any indications of dropped traffic in the logs, because default policies are not logged in Palo Alto devices by default, and this traffic was getting denied by the interzone-default policy. To resolve this easily, just change application-default to any. However, you may want to see wha