This document describes which applications take precedence when traffic matches more than one application definition.
Details
Custom Applications take precedence over predefined applications (including new Applications released in content updates) when traffic matches both a custom and a local pattern. This is also true for VSYS-specific custom applications (applications defined for an individual VSYS).
Note: This takes effect on traffic immediately after a commit completes.
The Custom App is matched without modifications to the security policy when a rule is defined with "application any". This happens automatically, even if the Custom Application is not used in a security policy or forced through an App Override, as long as the new application signature is defined correctly.
Example scenario
Note: This is simply an example and applies to any properly configured Custom Application.
For this scenario, create a new custom application for "ping", named "ping-custom", that includes ICMP types 8 and 0.
From the WebGUI, go to Objects > Applications and click Add in the lower left-hand corner.
On the Configuration tab, give it the name "ping-custom".
Go to the Advanced tab, select ICMP Type, and enter "0,8" in the field below.
Commit the policy with the new application.
Traffic logs will immediately show the new custom application name "ping-custom", because the new application matches the criteria defined and takes precedence over the built-in ping application.
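Because the reclassification happens at commit time without any policy change, it is worth checking beforehand which rules will see the traffic under its new name. The following is an added example, not part of the original article or of any Palo Alto Networks tooling: it sorts security rules into those that match "ping-custom" as written ("application any" or the custom app listed) and those that list only the predefined "ping" and should be reviewed. The rulebase XML is a constructed, trimmed sample, the function name `audit_rules` is hypothetical, and the script assumes a rule matches only the applications it lists (application groups and filters are not expanded).

```python
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed security rulebase (rule names are made up).
SAMPLE_RULEBASE = """
<rules>
  <entry name="allow-monitoring">
    <application><member>ping</member><member>snmp</member></application>
    <action>allow</action>
  </entry>
  <entry name="allow-diag">
    <application><member>ping</member><member>ping-custom</member></application>
    <action>allow</action>
  </entry>
  <entry name="outbound-any">
    <application><member>any</member></application>
    <action>allow</action>
  </entry>
  <entry name="web-only">
    <application><member>web-browsing</member></application>
    <action>allow</action>
  </entry>
</rules>
"""


def audit_rules(rulebase_xml, custom_app, shadowed_app):
    """Classify each rule by how it treats traffic now identified as custom_app."""
    report = {"matches": [], "review": [], "unaffected": []}
    for entry in ET.fromstring(rulebase_xml).iter("entry"):
        apps = {m.text.strip() for m in entry.findall("./application/member") if m.text}
        name = entry.get("name")
        if "any" in apps or custom_app in apps:
            # "application any" picks up the custom app with no policy change.
            report["matches"].append(name)
        elif shadowed_app in apps:
            # Lists only the predefined app that the custom app now precedes.
            report["review"].append(name)
        else:
            report["unaffected"].append(name)
    return report


if __name__ == "__main__":
    result = audit_rules(SAMPLE_RULEBASE, "ping-custom", "ping")
    for bucket, names in result.items():
        print(f"{bucket}: {', '.join(names) or '-'}")
```

Rules reported under "review" are the ones to examine before committing the custom application.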