https://live.paloaltonetworks.com/t5/general-topics/how-to-disable-app-id-for-all-applications/m-p/32081#M23517 <HTML><HEAD></HEAD><BODY><P>Hi Andrew,</P><P></P><P>You should be able to use an application override policy with a custom application.&nbsp; The application override policy can be defined for a particular source or destination IP range/subnet.&nbsp; Any session which matches the app override policy will be classified as the custom application.&nbsp; This will also disable all layer 7 inspection on that traffic.</P><P></P><P>The document below gives further details.</P><P><A _jive_internal="true" href="https://live.paloaltonetworks.com/docs/DOC-1071">https://live.paloaltonetworks.com/docs/DOC-1071</A></P><P></P><P>Thanks,</P><P>-- Kevin</P></BODY></HTML> Wed, 10 Oct 2012 17:32:23 GMT kfindlen 2012-10-10T17:32:23Z https://live.paloaltonetworks.com/t5/general-topics/how-to-disable-app-id-for-all-applications/m-p/32079#M23515 <HTML><HEAD></HEAD><BODY><P>Hello, </P><P></P><P>I've got two VWIRE pairs that see some duplicate traffic.&nbsp; </P><P>Basically:</P><P>VWIRE1 sees LAN to Internet</P><P>VWIRE2 sees LAN+DMZ to Internet.</P><P></P><P>What I'd like to do to free up some resources is disable inspection on one of those pairs for traffic when source IP matches a CIDR block.&nbsp; Creating a custom application doesn't work in this case.</P><P>Has anyone been able to do this?</P><P></P><P>thank you!</P><P>Andrew</P></BODY></HTML> Wed, 10 Oct 2012 17:25:00 GMT https://live.paloaltonetworks.com/t5/general-topics/how-to-disable-app-id-for-all-applications/m-p/32079#M23515 abarnett 2012-10-10T17:25:00Z https://live.paloaltonetworks.com/t5/general-topics/how-to-disable-app-id-for-all-applications/m-p/32080#M23516 <HTML><HEAD></HEAD><BODY><P>Andrew,</P><P></P><P>Here is the link to disable application inspection on the firewall for certain traffic.</P><P><A _jive_internal="true" class="active_link" href="https://live.paloaltonetworks.com/docs/DOC-2816">https://live.paloaltonetworks.com/docs/DOC-2816</A></P><P></P><P>Create two custom applications under Objects&gt;Applications</P><P></P><P>1 )&nbsp; For tcp port,&nbsp; select under port :- tcp/dynamic</P><P>2) For UDP, select under port :udp/dynamic</P><P></P><P>Create two separate application override rules , one of tcp and the other for udp traffic.</P><P></P><P>One security rue will have protocol TCP&nbsp; and ports 0-65535</P><P>The other security rule will have protocol UDP and port 0-65535</P><P></P><P>Let me know if this helps.</P><P></P><P>Regards</P></BODY></HTML> Wed, 10 Oct 2012 17:31:54 GMT https://live.paloaltonetworks.com/t5/general-topics/how-to-disable-app-id-for-all-applications/m-p/32080#M23516 ppatel 2012-10-10T17:31:54Z https://live.paloaltonetworks.com/t5/general-topics/how-to-disable-app-id-for-all-applications/m-p/32081#M23517 <HTML><HEAD></HEAD><BODY><P>Hi Andrew,</P><P></P><P>You should be able to use an application override policy with a custom application.&nbsp; The application override policy can be defined for a particular source or destination IP range/subnet.&nbsp; Any session which matches the app override policy will be classified as the custom application.&nbsp; This will also disable all layer 7 inspection on that traffic.</P><P></P><P>The document below gives further details.</P><P><A _jive_internal="true" href="https://live.paloaltonetworks.com/docs/DOC-1071">https://live.paloaltonetworks.com/docs/DOC-1071</A></P><P></P><P>Thanks,</P><P>-- Kevin</P></BODY></HTML> Wed, 10 Oct 2012 17:32:23 GMT https://live.paloaltonetworks.com/t5/general-topics/how-to-disable-app-id-for-all-applications/m-p/32081#M23517 kfindlen 2012-10-10T17:32:23Z https://live.paloaltonetworks.com/t5/general-topics/how-to-disable-app-id-for-all-applications/m-p/32082#M23518 <HTML><HEAD></HEAD><BODY><P>Andrew,</P><P></P><P>Once you create the application over ride rule along with the custom application and commit, you need to clear all the existing sessions from the firewall that uses inbuilt application</P><P></P><P>&gt;clear session all</P><P>OR</P><P>&gt;clear session all filter source &lt;x.x.x.x&gt;</P><P></P><P>Now test the application override rule by sending traffic.</P><P></P><P>Regards</P><P>Parth</P></BODY></HTML> Wed, 10 Oct 2012 17:36:17 GMT https://live.paloaltonetworks.com/t5/general-topics/how-to-disable-app-id-for-all-applications/m-p/32082#M23518 ppatel 2012-10-10T17:36:17Z