PBF based on application
Can I use any pre-defined application or custom applications with PBF?
For a PBF policy to work, only the source zone or interface is required:
In the destination, applications can be configured but only pre-defined applications can be added.
Custom applications, application filters, and application groups cannot be used to create a PBF policy:
Furthermore, as mentioned in the Admin Guide, application-specific rules are not recommended for use with PBF:
PBF rules are applied either on the first packet (SYN) or the first response to the first packet (SYN/ACK). This means that a PBF rule may be applied before the firewall has enough information to determine the application. Therefore, application-specific rules are not recommended for use with PBF. Whenever possible, use a service object, which is the Layer 4 port (TCP or UDP) used by the protocol or application.
- The list of available applications does not include every application, because identifying some applications requires more packets to be captured.
You can check the list of available applications under Policies > Policy Based Forwarding > Destination/Application/Services:
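One way to check an exported configuration for PBF rules that match on an application rather than on a service object, as an added example that is not from the original article or the vendor. The XML layout, rule names, and values in the sample are constructed assumptions modelled on a PAN-OS configuration export.

```python
import xml.etree.ElementTree as ET

# Constructed sample, modelled on the layout of an exported PAN-OS config (assumed).
SAMPLE_CONFIG = """
<config><devices><entry name="localhost.localdomain"><vsys><entry name="vsys1">
<rulebase><pbf><rules>
  <entry name="pbf-web-by-app">
    <from><zone><member>trust</member></zone></from>
    <application><member>web-browsing</member><member>ssl</member></application>
    <service><member>any</member></service>
  </entry>
  <entry name="pbf-web-by-service">
    <from><zone><member>trust</member></zone></from>
    <application><member>any</member></application>
    <service><member>service-http</member><member>service-https</member></service>
  </entry>
  <entry name="pbf-all-traffic">
    <from><interface><member>ethernet1/2</member></interface></from>
  </entry>
</rules></pbf></rulebase>
</entry></vsys></entry></devices></config>
"""

def members(rule, tag):
    """Return the <member> values under rule/<tag>; a missing element means 'any'."""
    found = [m.text.strip() for m in rule.findall(f"{tag}/member") if m.text]
    return found or ["any"]

def audit_pbf_rules(config_xml):
    """List PBF rules that match on App-ID, which may not be known at SYN or SYN/ACK."""
    root = ET.fromstring(config_xml)
    findings = []
    for rule in root.iterfind(".//rulebase/pbf/rules/entry"):
        apps = [a for a in members(rule, "application") if a != "any"]
        if apps:
            findings.append({
                "rule": rule.get("name"),
                "applications": apps,
                # A rule with service 'any' relies on App-ID alone to select traffic.
                "app_only": members(rule, "service") == ["any"],
            })
    return findings

if __name__ == "__main__":
    for f in audit_pbf_rules(SAMPLE_CONFIG):
        note = "no service object set" if f["app_only"] else "also has a service object"
        print(f"{f['rule']}: matches on {', '.join(f['applications'])} ({note})")
```

Rules reported with no service object are the ones to rewrite around the Layer 4 port, as the Admin Guide passage above recommends.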