Palo Alto Networks Knowledgebase: How to create a custom application for ALG apps

How to create a custom application for ALG apps

Created On 09/25/18 19:30 PM - Last Updated 02/08/19 00:00 AM


After matching a custom application, the Palo Alto Networks firewall cannot create the PREDICT session by ALG, which might result in  'file transfer failed on ftp data connection.'


If you do not check "Continue scanning for other Applications" on a custom application, the Palo Alto Networks firewall will stop the L7 scan and hardware offload the session after matching it to the custom application.
After the session is offloaded, even if an ALG trigger packet comes to the firewall, it will not be picked-up. 


Change a Custom Application settings following the steps below:

1. From Objects > Applications, click your custom application name in the middle section for changing the settings:
Step1.jpgClick your custom application.

2. Under the Configuration tab, click the checkbox Continue scanning for other Applications:
Step2.jpgClick the checkbox, "Continue scanning for other Applications."

3. Click OK to close the custom application window and commit to apply the settings.
Step3.jpgClose the custom application window.


See also

Getting Started: Custom applications and app override


  • Print
  • Copy Link

Choose Language