https://live.paloaltonetworks.com/t5/general-topics/application-override/m-p/593366#M118099 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/176305">@Sarou22</a>&nbsp;</P> <P><SPAN>Application override forcibly bypasses the AppID process and sets a session to match a manually configured Application name. Any sessions processed like this will not be scanned by parallel processing and will be offloaded to fastpath</SPAN></P> <P>&nbsp;</P> <P><SPAN>For most use cases, we recommend creating a simple custom application with as few attributes as possible, as the app override will bypass scanning or signature detection. It will simply identify a session as the custom application and take no further action. This can be a very simple but powerful tool to help identify internal applications and improve throughput as the session is offloaded to hardware immediately, but please consider the security implications.</SPAN></P> <P><SPAN>The following links explain with more details about Application Override</SPAN></P> <P><SPAN><A href="https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-create-an-application-override/ba-p/451872/redirect_from_archived_page/true" target="_blank">https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-create-an-application-override/ba-p/451872/redirect_from_archived_page/true</A></SPAN></P> <P>&nbsp;</P> <P><SPAN><A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClRoCAK" target="_blank">https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClRoCAK</A></SPAN></P> <P>&nbsp;</P> <P><SPAN><A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClVHCA0" target="_blank">https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClVHCA0</A></SPAN></P> <P>&nbsp;</P> <P>&nbsp;</P> Mon, 29 Jul 2024 20:05:25 GMT Alejandro_Hernandez 2024-07-29T20:05:25Z https://live.paloaltonetworks.com/t5/general-topics/application-override/m-p/593323#M118093 <P>&nbsp;</P> <P>Hello,</P> <P>Application Override to a custom application will force the firewall to bypass Content and Threat inspection</P> <P>I've read several documents but I still don't understand the point of doing this. What's the point?</P> <P>&nbsp;</P> <P>Thanks</P> Mon, 29 Jul 2024 13:38:00 GMT https://live.paloaltonetworks.com/t5/general-topics/application-override/m-p/593323#M118093 Sarou22 2024-07-29T13:38:00Z https://live.paloaltonetworks.com/t5/general-topics/application-override/m-p/593366#M118099 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/176305">@Sarou22</a>&nbsp;</P> <P><SPAN>Application override forcibly bypasses the AppID process and sets a session to match a manually configured Application name. Any sessions processed like this will not be scanned by parallel processing and will be offloaded to fastpath</SPAN></P> <P>&nbsp;</P> <P><SPAN>For most use cases, we recommend creating a simple custom application with as few attributes as possible, as the app override will bypass scanning or signature detection. It will simply identify a session as the custom application and take no further action. This can be a very simple but powerful tool to help identify internal applications and improve throughput as the session is offloaded to hardware immediately, but please consider the security implications.</SPAN></P> <P><SPAN>The following links explain with more details about Application Override</SPAN></P> <P><SPAN><A href="https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-create-an-application-override/ba-p/451872/redirect_from_archived_page/true" target="_blank">https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-create-an-application-override/ba-p/451872/redirect_from_archived_page/true</A></SPAN></P> <P>&nbsp;</P> <P><SPAN><A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClRoCAK" target="_blank">https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClRoCAK</A></SPAN></P> <P>&nbsp;</P> <P><SPAN><A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClVHCA0" target="_blank">https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClVHCA0</A></SPAN></P> <P>&nbsp;</P> <P>&nbsp;</P> Mon, 29 Jul 2024 20:05:25 GMT https://live.paloaltonetworks.com/t5/general-topics/application-override/m-p/593366#M118099 Alejandro_Hernandez 2024-07-29T20:05:25Z https://live.paloaltonetworks.com/t5/general-topics/application-override/m-p/593373#M118100 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/176305">@Sarou22</a>&nbsp; &nbsp;Please read this&nbsp;</P> <P>&nbsp;</P> <P>In general, you would use an application override policy if your custom application is not being correctly detected AND the PA is assigning the flow to a DIFFERENT built in application.</P> <P>&nbsp;</P> <P>The application override then prevents the upper layer inspection as and thus prevents the misclassification of the traffic.</P> <P>If your custom application successfully matches the traffic, then no application override is needed.</P> <P>&nbsp;</P> <P>Regards</P> Mon, 29 Jul 2024 20:54:13 GMT https://live.paloaltonetworks.com/t5/general-topics/application-override/m-p/593373#M118100 MP18 2024-07-29T20:54:13Z https://live.paloaltonetworks.com/t5/general-topics/application-override/m-p/593380#M118101 <P>Thank you very much&nbsp;</P> Mon, 29 Jul 2024 21:50:15 GMT https://live.paloaltonetworks.com/t5/general-topics/application-override/m-p/593380#M118101 Sarou22 2024-07-29T21:50:15Z