How much data is necessary to recognize an application
44385
Created On 09/25/18 17:42 PM - Last Modified 02/08/22 21:53 PM
Resolution
Additional Information
If it is imperative to block the data in the first packet after the 3-way-handshake, a custom application can be created. When adding the Signature, set the Operator as "Pattern Match" and the Context as "pre-app-req-data". Create a Security Policy "Deny" rule with this Custom Application and place it above your existing Allow rules. On the 4th packet (1st data packet after the TCP handshake), if the signature is matched, the application will be identified and the session will be denied by this policy.
Note: Palo Alto Networks TAC cannot assist in creating custom signatures. Professional Services can help with this. Contact your sales engineer for more information.
TDC