https://live.paloaltonetworks.com/t5/advanced-threat-prevention/stop-vulnerability-scanning-based-on-app-id/m-p/165106#M40 <P>We have created a custom app id for internal only traffic that is currently generating false positives in our vulnerability scanning.</P><P>&nbsp;</P><P>We ideally would like to stop this particular app-id from being scanned for vulnerabilites or at least a specific vulnerability. Unfortunately I've found no way to create an exception based on ID.</P><P>&nbsp;</P><P>Application Override would suit us but from the documentation, I gather the signature of the app isn't processed and only the criterea specified in the override. We often seem to look at creating exceptions but the options for this at least appear to me to be too non-specific.</P><P>&nbsp;</P><P>Can someone provide some insight?</P> Fri, 07 Jul 2017 03:40:11 GMT illuzian 2017-07-07T03:40:11Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/stop-vulnerability-scanning-based-on-app-id/m-p/165106#M40 <P>We have created a custom app id for internal only traffic that is currently generating false positives in our vulnerability scanning.</P><P>&nbsp;</P><P>We ideally would like to stop this particular app-id from being scanned for vulnerabilites or at least a specific vulnerability. Unfortunately I've found no way to create an exception based on ID.</P><P>&nbsp;</P><P>Application Override would suit us but from the documentation, I gather the signature of the app isn't processed and only the criterea specified in the override. We often seem to look at creating exceptions but the options for this at least appear to me to be too non-specific.</P><P>&nbsp;</P><P>Can someone provide some insight?</P> Fri, 07 Jul 2017 03:40:11 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/stop-vulnerability-scanning-based-on-app-id/m-p/165106#M40 illuzian 2017-07-07T03:40:11Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/stop-vulnerability-scanning-based-on-app-id/m-p/165367#M41 <P>Hi <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/68290">@illuzian</a>@</P><P>&nbsp;</P><P>After you create the custom app, and the application override policy, you can create a security policy.</P><P>&nbsp;</P><P>In the security policy, you will specify the custom application you just created, but you will not apply any security profile. This will avoid the application from being scanned by the IPS engine. Remeber that you can be selective, and apply other profiles if you need too.</P><P>Since it is an internal application, and you seem to trust it, if performance is an issue, I would create this security policy with the DSRI feature in disabled state.</P><P>A session on the firewall comprises two flows, client to server and server to client. The DSRI feature on the Palo Alto Networks firewall can be enabled to skip the inspection of the Server to Client flow.</P><P><A href="https://live.paloaltonetworks.com/t5/Featured-Articles/DotW-Using-DSRI-with-the-Palo-Alto-Networks-firewall/ta-p/70666" target="_blank">https://live.paloaltonetworks.com/t5/Featured-Articles/DotW-Using-DSRI-with-the-Palo-Alto-Networks-firewall/ta-p/70666</A></P><P>&nbsp;</P><P>I hope this helps.</P> Sat, 08 Jul 2017 18:21:11 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/stop-vulnerability-scanning-based-on-app-id/m-p/165367#M41 acc6d0b3610eec313831f7900fdbd235 2017-07-08T18:21:11Z