Palo Alto Networks Knowledgebase: How to create a custom application for ALG apps

Created On 02/08/19 00:00 AM - Last Updated 02/08/19 00:00 AM
Symptom

After traffic matches a custom application, the Palo Alto Networks firewall cannot create the PREDICT session through the ALG, which might result in 'file transfer failed on ftp data connection.'

Diagnosis

If "Continue scanning for other Applications" is not checked on a custom application, the Palo Alto Networks firewall stops the L7 scan and offloads the session to hardware as soon as it matches the session to the custom application.
Once the session is offloaded, an ALG trigger packet that reaches the firewall is not picked up.
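A check for the condition described above, as an added example that is not part of the original article: it reads session details and flags sessions matched to a custom application where layer 7 processing has completed and the session is offloaded. The sample text, the application name `custom-ftp-app`, and the field labels are constructed assumptions modelled on `show session id` output; adjust them to what your firewall prints.

```python
import re

# Constructed, abbreviated session details in the style of `show session id`
# output. Field labels and the app name are assumptions, not real captures.
SAMPLE = """\
Session 1001
        application                          : custom-ftp-app
        layer7 processing                    : completed
        offload                              : Yes
Session 1002
        application                          : ftp
        layer7 processing                    : enabled
        offload                              : No
Session 1003
        application                          : custom-ftp-app
        layer7 processing                    : enabled
        offload                              : No
"""

def parse_sessions(text):
    """Return {session_id: {field: value}} from the session detail text."""
    sessions, current = {}, None
    for line in text.splitlines():
        header = re.match(r"\s*Session\s+(\d+)\s*$", line)
        if header:
            current = sessions.setdefault(int(header.group(1)), {})
            continue
        field = re.match(r"\s*(.+?)\s*:\s*(.*?)\s*$", line)
        if field and current is not None:
            current[field.group(1).lower()] = field.group(2)
    return sessions

def sessions_missing_alg(text, custom_apps):
    """IDs of sessions matched to a custom app whose L7 scan has stopped and
    which are offloaded, so an ALG trigger packet would not be picked up."""
    flagged = []
    for sid, f in sorted(parse_sessions(text).items()):
        if (f.get("application") in custom_apps
                and f.get("layer7 processing", "").lower() == "completed"
                and f.get("offload", "").lower() == "yes"):
            flagged.append(sid)
    return flagged

if __name__ == "__main__":
    for sid in sessions_missing_alg(SAMPLE, {"custom-ftp-app"}):
        print(f"session {sid}: L7 scan stopped and offloaded; ALG trigger packets will be missed")
```

Session 1003 matches the same custom application but is not flagged, because its L7 scan is still enabled and it has not been offloaded.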



Resolution

Change the custom application's settings by following the steps below:


1. From Objects > Applications, click the name of your custom application in the middle section to change its settings.

2. Under the Configuration tab, select the checkbox Continue scanning for other Applications.

3. Click OK to close the custom application window, then commit to apply the settings.

 

See also


Getting Started: Custom applications and app override
https://live.paloaltonetworks.com/t5/Featured-Articles/Getting-Started-Custom-applications-and-app-override/ta-p/71635

 


