https://live.paloaltonetworks.com/t5/next-generation-firewall/application-based-rule/m-p/566488#M2130 <P>hello,</P> <P>do you mean that you want to create a rule base using application-id?<BR />if so you can create the traffic and see the kind of app used and than apply it.<BR />please know that there is a "depend on" application list, witch means that if you want to allow lets say 'facebook chat' you need to approve '443, facebook' ect..</P> <P>if you have more questions feel free.</P> <P>&nbsp;</P> <P>#####</P> <P>&nbsp;</P> <P>i read again your post, if the application is incomplete note that it can caused by:<BR />1. deny rule that in an other FW in the flow/ the desired server/client isnt responding with a syn-ack - so that the three-way-handshake isnt complete</P> <P>2. the three-way-handshake did complete but there ware not enough data to distinguish which app the traffic is intended to.&nbsp;&nbsp;</P> Tue, 21 Nov 2023 14:09:25 GMT Major2375 2023-11-21T14:09:25Z https://live.paloaltonetworks.com/t5/next-generation-firewall/application-based-rule/m-p/566480#M2129 <P>Hi All ,<BR />We are planning to implement application based rule like under application tab add required app and under service tab add application default.<BR /><EM>However what would be best approach to apply rule where application is showing "incomplete".</EM><BR />Currently we have any any set , so we are planning above steps and don't want to break any on going traffic.</P> Tue, 21 Nov 2023 12:35:52 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/application-based-rule/m-p/566480#M2129 DeepakVerma 2023-11-21T12:35:52Z https://live.paloaltonetworks.com/t5/next-generation-firewall/application-based-rule/m-p/566488#M2130 <P>hello,</P> <P>do you mean that you want to create a rule base using application-id?<BR />if so you can create the traffic and see the kind of app used and than apply it.<BR />please know that there is a "depend on" application list, witch means that if you want to allow lets say 'facebook chat' you need to approve '443, facebook' ect..</P> <P>if you have more questions feel free.</P> <P>&nbsp;</P> <P>#####</P> <P>&nbsp;</P> <P>i read again your post, if the application is incomplete note that it can caused by:<BR />1. deny rule that in an other FW in the flow/ the desired server/client isnt responding with a syn-ack - so that the three-way-handshake isnt complete</P> <P>2. the three-way-handshake did complete but there ware not enough data to distinguish which app the traffic is intended to.&nbsp;&nbsp;</P> Tue, 21 Nov 2023 14:09:25 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/application-based-rule/m-p/566488#M2130 Major2375 2023-11-21T14:09:25Z