topic Re: Custom APP based on existing in General Topics

Custom APP based on existing

helenio.sartori — Fri, 26 Jul 2013 09:18:42 GMT

Hello,

I have a policy that block phpproxy application for security reason.

There is a web site http://www.sac-cas.ch (shop tab) is blocked because some request are recognised as phpproxy application.

I'd like to build an application that allow phpproxy when host is www.sac-cas.ch in a way to bypass the block.

Here below the custom application I created for this purposed.

Basically the application has as parent app phpproxy and signature match host www.sac-cas.ch.

I don't know why but it seams that this customer application in recognized not only when application is phpproxy but eve if the traffic i web browsing. Where I'm doing wrong ? It somethong related to App dependencies ?

Re: Custom APP based on existing

ukhapre — Fri, 26 Jul 2013 19:09:48 GMT

Hello, you need to setup 'Application Override policy' to allow custom application get identified.

Also make sure to add custom application in the security policy to allow traffic.

Hope this helps.

Unnati

Re: Custom APP based on existing

UhMayYeah — Fri, 26 Jul 2013 21:44:15 GMT

As php-proxy in turn depends web-browsing try using Parent App as Web-browsing.

Reasoning : The App-ID engine processes applications in a hierarchy that looks for web-browsing, then web-based applications such as php-proxy and then custom http applications.

By choosing web-browsing ,an application that is lower in the hierarchy, the PAN-OS is forced to recognize and react to that traffic earlier than it normally would for a custom http application.

Re: Custom APP based on existing

helenio.sartori — Mon, 29 Jul 2013 08:13:21 GMT

I think Application override is not the right approach as I don't have particular destibnation ip or source ip. It is really a news app based on existing one.

if I use web-browsing as Parent app it means that all traffic from the site will be classified as custom application, my intend was to recognize as custom application only phpproxy traffic type.

Anyway I don't understand why if I definine phpproxy app as parent the web-browsing traffic is recognized by the custom app.

suggestion ?

Re: Custom APP based on existing

CafNetMatt — Thu, 19 Mar 2015 00:50:43 GMT

Sorry to bump this after so long but what I wanted to do is relevant.

I wanted to just change ports on an existing app without having to use 'Any' or have to list all ports for the application and it's dependencies. I was hoping to create a custom app with the original app as the parent and just list the port it would use.

I believe the Application Override suggestion above would be needed. From reading the documentation, you have to include a signature in the custom app. The only time you do not is if you're using it in an Application Override policy. That's kinda a bummer. Thought I'd get off easy.

What I'm hoping is that I can build a custom app with the built-in app as the parent, create an Application Override just for that new app and in the security policy add the built in app & the custom app.

I've seen custom apps built without signatures and they always end up including all the ports from the original app, an Application Override created and the original app then not used. This seems to be no different than just creating a Service Object because signatures are no longer used; just ports.

This is where being able to clone a built in app would be helpful. :smileylaugh: