Palo Alto Networks Knowledgebase: Creating custom app in Panorama with reserved names disables antivirus inspection

Created On 09/26/18 19:12 PM - Last Updated 09/26/18 20:38 PM
Categories:  Threat Intelligence,  Threat Prevention

Issue:


Symptoms

A warning is raised during a 'Commit All' job pushed from Panorama to a managed firewall. Two examples:

Warning: Profile compiler : Default Modified Alerting app http virus ident is disabled
Warning: Profile compiler : Default Modified Alerting app smb virus ident is disabled

The firewall is no longer triggering http or smb Antivirus or Wildfire-Virus signatures.

Diagnosis

A Custom Application named 'http' or 'smb' is defined in Panorama and was pushed down to managed devices.

This is most likely to happen when users want the default application name 'web-browsing' to show as 'http', or the default application name 'ms-ds-smb' to show as 'smb'.

The issue is not observed if the Custom Application named 'http' or 'smb' is defined locally on the firewall, because that produces a Commit failure. A 'Commit All' job from Panorama, however, is allowed to succeed.

The issue affects all current PAN-OS versions.

Solution:


Delete the custom app in Panorama, or rename it from 'http' to 'http-custom' or from 'smb' to 'smb-custom'.

Commit to Panorama and Push to affected managed devices.

This problem is currently being worked under issue ID: PAN-84703
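
A check for both signs described above, as an added example that is not Palo Alto Networks code: it scans commit job output for the warning quoted under Symptoms and scans an exported configuration for custom applications named 'http' or 'smb'. The function names, the sample data, the `<application><entry name="...">` layout of the export, and reading 'Default Modified Alerting' as the profile name are assumptions.

```python
import re
import xml.etree.ElementTree as ET

RESERVED_NAMES = {"http", "smb"}  # names the article reports as affected

# Warning text as quoted under Symptoms. Assumption: the words between
# "Profile compiler :" and "app" are the profile name.
WARNING_RE = re.compile(
    r"Profile compiler\s*:\s*(?P<profile>.+?)\s+app\s+(?P<app>\S+)"
    r"\s+virus ident is disabled")

def disabled_virus_ident(job_output):
    """Return sorted (profile, app) pairs named in commit warnings."""
    matches = (WARNING_RE.search(line) for line in job_output.splitlines())
    return sorted({(m["profile"], m["app"]) for m in matches if m})

def reserved_custom_apps(config_xml):
    """Return sorted (scope, name) of custom apps that reuse a reserved name."""
    found = []
    def walk(node, scope):
        for child in node:
            if node.tag == "application" and child.tag == "entry":
                if child.get("name") in RESERVED_NAMES:
                    found.append((scope, child.get("name")))
            else:
                # Scope is the nearest enclosing named <entry>, e.g. a device group.
                walk(child, child.get("name", scope) if child.tag == "entry" else scope)
    walk(ET.fromstring(config_xml), "shared")
    return sorted(found)

# Constructed sample: the two warnings from the article plus an unrelated line.
SAMPLE_JOB = """Warning: Profile compiler : Default Modified Alerting app http virus ident is disabled
Warning: Profile compiler : Default Modified Alerting app smb virus ident is disabled
Configuration committed successfully"""

# Constructed sample export; the element layout is an assumption.
SAMPLE_CONFIG = """<config>
  <shared><application><entry name="http"/></application></shared>
  <devices><entry name="localhost.localdomain"><device-group>
    <entry name="branch-dg">
      <application><entry name="smb-custom"/><entry name="smb"/></application>
      <pre-rulebase><security><rules><entry name="allow-web">
        <application><member>http</member></application>
      </entry></rules></security></pre-rulebase>
    </entry>
  </device-group></entry></devices>
</config>"""

if __name__ == "__main__":
    print(disabled_virus_ident(SAMPLE_JOB))
    print(reserved_custom_apps(SAMPLE_CONFIG))
```

A rule that merely references the application 'http' is not flagged; only an application object defined under one of the reserved names is.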
