How to Validate and Report Application Misidentification
29342
Created On 09/25/18 15:19 PM - Last Modified 06/15/23 21:31 PM
Environment
- Palo Alto Firewall
- Application
Resolution
Validate
- Verify the information about the application (such as behavior, dependencies, and standard port) at the Application Research Center.
- Check the Dynamic Updates page on the Palo Alto Networks support website for the most up-to-date versions of Application and Threats content.
- Ensure that the Palo Alto Networks firewall has the latest version of Application and Threats content.
Report
- Name of the application seen in traffic logs or session table
- Expected Application
- System information:
> show system info - Filtered traffic logs (.csv format) showing the misidentification
- Session details for one of the misidentified sessions
> show session id <sesion id > - When the issue started (for example, after installation of the App Version 379-1840)
- Client PCAP of the Application
- Application dump (see How to Get an Application PCAP)
Note: Additional troubleshooting may be required if the Palo Alto Networks support staff is unable to validate or recreate the issue.