Custom App without Signature not Matching Security Rule

Created On 09/25/18 17:36 PM - Last Modified 08/05/19 20:36 PM


Issue

A custom app was created and used in a security rule, but the traffic never hits the rule.

Resolution

If the custom app is port-based, an Application Override rule has to be created so that the traffic is identified at the port level. If it is signature-based, including the custom app in the security rule is sufficient, because the app engine identifies the traffic from the signature.

To create a port-based app and use it in the app override rule:

  • Open the Objects > Applications page and click Add
  • Create the Custom App

  • Open the Advanced tab and select the ports
  • Go to Policies > Application Override
  • Configure the rule to allow the traffic

  • After the changes are committed, traffic matching the ports configured will match the app override rules.
  • The command show session id <id> can be used to verify the application that matched the connection.
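
The verification step above can be scripted against saved CLI output. This is an added example, not part of the original article or vendor tooling; the sample output is constructed and abridged, its field layout is an assumption, and the names custom-app, allow-custom-app and port 8080 are hypothetical.

```python
import re

def make_sample(app, rule):
    # Constructed, abridged `show session id <id>` output; the key/value layout
    # is an assumption and may differ between PAN-OS releases.
    return f"""Session           70412

        c2s flow:
                source:      10.1.1.20 [trust]
                dst:         10.2.2.30
                proto:       6
                sport:       51544           dport:      8080
                state:       ACTIVE          type:       FLOW

        application                          : {app}
        rule                                 : {rule}
"""

def parse_session(text):
    """Extract application, rule and the c2s destination port."""
    fields = {}
    for line in text.splitlines():
        kv = re.match(r"\s*(application|rule)\s*:\s*(.+?)\s*$", line)
        if kv:
            fields[kv.group(1)] = kv.group(2)
        port = re.search(r"\bdport:\s*(\d+)", line)
        if port and "dport" not in fields:  # first dport belongs to the c2s flow
            fields["dport"] = int(port.group(1))
    return fields

def check_override(text, expected_app, override_ports):
    """Classify a session against the ports configured in the override rule."""
    s = parse_session(text)
    if s.get("dport") not in override_ports:
        return "not-applicable"   # port is outside the override rule
    if s.get("application") == expected_app:
        return "ok"               # override identified the custom app
    return "mismatch"             # port matched, but another application was identified

if __name__ == "__main__":
    ports = {8080}  # constructed: port selected on the custom app's Advanced tab
    for app, rule in [("custom-app", "allow-custom-app"), ("unknown-tcp", "deny-all")]:
        out = make_sample(app, rule)
        print(app, "->", check_override(out, "custom-app", ports), parse_session(out))
```

A "mismatch" result on a port that should be overridden means the session did not match the Application Override rule, so the security rule referencing the custom app will not be hit either.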

owner: sdarapuneni


