Minimal configuration for Custom Apps

JimmyChernega — Thu, 31 Mar 2022 18:13:47 GMT

Our programmer wrote an app that uses TCP/9901 and 9902 to transfer data between the East and West buildings. Let's call it JC-App. What is the minimum configuration on both the East and West Firewalls? Also, what would need to be added to require the use of Application Override ?? Thanks. jc

Re: Minimal configuration for Custom Apps

nikoolayy1 — Mon, 29 Aug 2022 12:27:16 GMT

Hello,

If you do not wish the App to be checked for any attacks then use Application Override . If the application is HTTP based for example you can add web-browsing as the parent application for example so that app will be checked for web attacks:

https://docs.paloaltonetworks.com/pan-os/u-v/custom-app-id-and-threat-signatures/custom-application-and-threat-signatures/create-a-custom-application-signature

Also the firewall will check the session for the inbound direction and the return traffic will be auto allowed so if the traffic only from east to west then you will need to add the security rule on inbound interface of the east fw and then on the interface on the west fw that the west fw talks with east firewall.

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClVECA0

topic Minimal configuration for Custom Apps in Custom Signatures

Minimal configuration for Custom Apps

Re: Minimal configuration for Custom Apps