https://live.paloaltonetworks.com/t5/general-topics/creating-custom-applications-dummies-guide/m-p/5406#M3972 <HTML><HEAD></HEAD><BODY><P>Is there a dummies guide to creating custom application please?</P><P></P><P>We have a couple of "in-house" apps that always pass traffic on certain ports, always to/from a certain IP range, and I'm struggling to see how to put "something" in place that says "If this traffic is between source A and destination B and is on port XYZ it is CustomApp"?</P><P></P><P>Equally we have a couple of apps that need a stupid amount combination of ports/port-ranges open.&nbsp; AIUI with a custom app you can only specify one port at a time?&nbsp; How would this work if your source and destination are always the same but the ports could be one of several hundred i.e. the app uses port(s) 7000-76500 TCP/UDP?</P><P></P><P>Essentially I just want to not have "Unknown TCP/UDP" in the ACC for traffic matching those policies if possible.</P><P></P><P>Thanks,</P></BODY></HTML> Wed, 24 Feb 2010 16:16:16 GMT networkadmin 2010-02-24T16:16:16Z https://live.paloaltonetworks.com/t5/general-topics/creating-custom-applications-dummies-guide/m-p/5406#M3972 <HTML><HEAD></HEAD><BODY><P>Is there a dummies guide to creating custom application please?</P><P></P><P>We have a couple of "in-house" apps that always pass traffic on certain ports, always to/from a certain IP range, and I'm struggling to see how to put "something" in place that says "If this traffic is between source A and destination B and is on port XYZ it is CustomApp"?</P><P></P><P>Equally we have a couple of apps that need a stupid amount combination of ports/port-ranges open.&nbsp; AIUI with a custom app you can only specify one port at a time?&nbsp; How would this work if your source and destination are always the same but the ports could be one of several hundred i.e. the app uses port(s) 7000-76500 TCP/UDP?</P><P></P><P>Essentially I just want to not have "Unknown TCP/UDP" in the ACC for traffic matching those policies if possible.</P><P></P><P>Thanks,</P></BODY></HTML> Wed, 24 Feb 2010 16:16:16 GMT https://live.paloaltonetworks.com/t5/general-topics/creating-custom-applications-dummies-guide/m-p/5406#M3972 networkadmin 2010-02-24T16:16:16Z https://live.paloaltonetworks.com/t5/general-topics/creating-custom-applications-dummies-guide/m-p/5407#M3973 <HTML><HEAD></HEAD><BODY><P>The way to do this is to use Application Override rules. You can specify a source/destination address as well as a destination port or port range and map that to a specific application. In your example you would create a custom app (don't work about the port definition or any signatures) called CustomApp and map all traffic from you given src/dest on ports 7000-76500 to this application using an Application Override rule.</P><P></P><P>Mike</P></BODY></HTML> Wed, 24 Feb 2010 16:33:09 GMT https://live.paloaltonetworks.com/t5/general-topics/creating-custom-applications-dummies-guide/m-p/5407#M3973 mjacobsen 2010-02-24T16:33:09Z https://live.paloaltonetworks.com/t5/general-topics/creating-custom-applications-dummies-guide/m-p/5408#M3974 <HTML><HEAD></HEAD><BODY><P>Brilliant thanks Mike - I was coming at it from the wrong angle and assuming I'd need to know a lot of low-level detail to create the custom app, so all I've done is fill in the new app detail using the basics and used the starting TCP port as it won't let me specify a range in an app.</P><P></P><P>Right now this isn't an issue, but is there any way to define an override against a URL/set of URLs vs. a "raw" IP address or network?&nbsp; It's something I can foresee for a couple of things we may be using.</P><P></P><P>Thanks.</P></BODY></HTML> Wed, 24 Feb 2010 17:35:06 GMT https://live.paloaltonetworks.com/t5/general-topics/creating-custom-applications-dummies-guide/m-p/5408#M3974 networkadmin 2010-02-24T17:35:06Z https://live.paloaltonetworks.com/t5/general-topics/creating-custom-applications-dummies-guide/m-p/5409#M3975 <HTML><HEAD></HEAD><BODY><P>Hmm I spoke a little too soon - the rule works and classifies traffic, but on the ACC page all I have for "risk" is a little white square - there is no risk rating listed, even though on the objects/applications it shows with the expected green "1" icon.</P><P></P><P>Why might this be please?</P><P></P><P>I tried changing the risk to "2" just to see if it's some weird caching/rendering thing but it does it consistently in Chrome/Firefox/IE, just a white box.</P><P></P><P>If I look at the properties of the white box it's "risk_0.gif" though when I click the application to break down the ACC view it definitely shows with whatever risk level I give it.</P></BODY></HTML> Wed, 24 Feb 2010 19:35:53 GMT https://live.paloaltonetworks.com/t5/general-topics/creating-custom-applications-dummies-guide/m-p/5409#M3975 networkadmin 2010-02-24T19:35:53Z https://live.paloaltonetworks.com/t5/general-topics/creating-custom-applications-dummies-guide/m-p/5410#M3976 <HTML><HEAD></HEAD><BODY><P>This is a known bug. It has been addressed in the upcoming PAN-OS 3.1. It should not effect the behavior of the application, only the displayed risk in ACC.</P><P></P><P>Mike</P></BODY></HTML> Wed, 24 Feb 2010 21:55:42 GMT https://live.paloaltonetworks.com/t5/general-topics/creating-custom-applications-dummies-guide/m-p/5410#M3976 mjacobsen 2010-02-24T21:55:42Z