Palo Alto Networks Knowledgebase: Custom App-ID for NCAA March Madness 2017
Custom App-ID for NCAA March Madness 2017
Created On 02/08/19 00:07 AM - Last Updated 02/08/19 00:07 AM
In continuation of our tradition to publish custom apps for March Madness, the annual college basketball tournaments, we provide the following custom signatures:
Identifies the NCAA March Madness...
Live landing page on PCs and mobile apps
Live video stream for PCs and mobile devices (including replay streams)
The NCAA is streaming all the games via its March Madness Live page/app. You can use the above three custom signatures to identify this traffic and control the policies accordingly.
Recommended best practices
To block the NCAA March Madness Live application/player:
Create a security rule to 'deny' ncaa2017-mml.
To enforce QoS policing (permit the NCAA March Madness Live application but rate limit the video streams):
Create a security rule to 'allow' ncaa2017-mml and ncaa2017-video applications.
Create a QoS policy for ncaa2017-video.
To simply gain visibility into the usage of March Madness Live in your traffic mix:
When you import the custom-defined applications to your firewall and commit, make sure the traffic is 'allowed' by the security policies.
You can use the CLI 'show session all filter application <ncaa2017-mml|ncaa2017-video>' to check all sessions matching the apps created.
Import custom apps to your firewall
1. On the Objects tab, under Applications, click the Import button at the bottom bar (circled below).
2. Upload the custom application XMLs provided.
3. Verify that the new custom app shows up in the Applications pane.
Anonymous Proxy tools such as Ultrasurf could be used by the end user to watch the video content. In such cases, for the firewall to identify the proxy tool, SSL decryption policy has to be configured on the firewall. Once the SSL decryption is enabled, App-ID engine will identify the proxy tools. If the security policy does not have those App-IDs whitelisted, the firewall will block the session.