https://live.paloaltonetworks.com/t5/general-topics/how-to-allow-unidentifed-and-insufficient-data-application-in/m-p/41637#M30621 <HTML><HEAD></HEAD><BODY><P>Well you could manually create an Application and base it on certain signature criteria. I have had to do this for certain Sharepoint sites to allow access to the files on there for my users. For that I based the signature on the sites HTTP-req-host-Header's and the ports it uses but you can base it on other things.</P><P></P><P>If you do that and then add your newly created application to your allow rule it should in theory work. But you might have to play around with how you identify the application until you find a signature that correctly identifies it for you.</P></BODY></HTML> Tue, 30 Oct 2012 11:43:07 GMT JRussell 2012-10-30T11:43:07Z https://live.paloaltonetworks.com/t5/general-topics/how-to-allow-unidentifed-and-insufficient-data-application-in/m-p/41636#M30620 <HTML><HEAD></HEAD><BODY><P>Hi, I have some problem. As our design, we allow certain application in policies and deny all at the bottom. and we found that PAN device can't identify some app. so it is denied at the last rule.</P><P></P><P>How could we allow this unidentified app if we can't select this in application list?</P></BODY></HTML> Tue, 30 Oct 2012 09:43:40 GMT https://live.paloaltonetworks.com/t5/general-topics/how-to-allow-unidentifed-and-insufficient-data-application-in/m-p/41636#M30620 mindterra 2012-10-30T09:43:40Z https://live.paloaltonetworks.com/t5/general-topics/how-to-allow-unidentifed-and-insufficient-data-application-in/m-p/41637#M30621 <HTML><HEAD></HEAD><BODY><P>Well you could manually create an Application and base it on certain signature criteria. I have had to do this for certain Sharepoint sites to allow access to the files on there for my users. For that I based the signature on the sites HTTP-req-host-Header's and the ports it uses but you can base it on other things.</P><P></P><P>If you do that and then add your newly created application to your allow rule it should in theory work. But you might have to play around with how you identify the application until you find a signature that correctly identifies it for you.</P></BODY></HTML> Tue, 30 Oct 2012 11:43:07 GMT https://live.paloaltonetworks.com/t5/general-topics/how-to-allow-unidentifed-and-insufficient-data-application-in/m-p/41637#M30621 JRussell 2012-10-30T11:43:07Z https://live.paloaltonetworks.com/t5/general-topics/how-to-allow-unidentifed-and-insufficient-data-application-in/m-p/41638#M30622 <HTML><HEAD></HEAD><BODY><P>Thats the proper way of handling this (create custom appid).</P><P></P><P>As a workaround you can also use application override and instruct PA that traffic from srcip/range to dstip/range on a specific port lets say TCP80 should be identified as "web-browsing" instead of unknown or whatever.</P></BODY></HTML> Tue, 30 Oct 2012 18:51:18 GMT https://live.paloaltonetworks.com/t5/general-topics/how-to-allow-unidentifed-and-insufficient-data-application-in/m-p/41638#M30622 mikand 2012-10-30T18:51:18Z