https://live.paloaltonetworks.com/t5/general-topics/custom-applications-and-application-override/m-p/115912#M45437 <P>In general, you would use an application override policy if your custom application is not being correctly detected AND the PA is assigning the flow to a DIFFERENT built in application.</P><P>&nbsp;</P><P>The application override then prevents the upper layer inspection as&nbsp;Myky notes and thus prevents the mis-classification of the traffic.</P><P>&nbsp;</P><P>If you custom application successfully matches the traffic then no application override is needed.</P> Sat, 24 Sep 2016 14:12:48 GMT pulukas 2016-09-24T14:12:48Z https://live.paloaltonetworks.com/t5/general-topics/custom-applications-and-application-override/m-p/115406#M45412 <P>I'm looking to get a better understanding of how custom applications work in relation to application override policies vs security policies.</P><P>&nbsp;</P><P>I have created a simple custom application with just a tpc port for an internal application. There appears to be two unrelated routes I can then take with this new application.</P><P>1. I can add it to the application group I created for my security policy so it is allowed with the rest of the applications in it.</P><P>2. I can add it to an application override policy.</P><P>&nbsp;</P><P>These two do not seem to be related. From my reading it sounds like application override means that vulnerability scanning will not be done on the application. Is this the case?</P><P>&nbsp;</P><P>Should I have the new application both in the override policy <EM>and</EM> the&nbsp;application group that is in the security policy, or is only one policy necessary? If only one is necessary, what are the pros and cons of each?</P><P>&nbsp;</P><P>Thank you.</P> Thu, 22 Sep 2016 16:25:40 GMT https://live.paloaltonetworks.com/t5/general-topics/custom-applications-and-application-override/m-p/115406#M45412 GLorhammer 2016-09-22T16:25:40Z https://live.paloaltonetworks.com/t5/general-topics/custom-applications-and-application-override/m-p/115435#M45416 <P>Hello,</P><P>&nbsp;</P><P>This is a great article:</P><P>&nbsp;</P><P><A href="https://live.paloaltonetworks.com/t5/Featured-Articles/Getting-Started-Custom-applications-and-app-override/ta-p/71635" target="_blank">https://live.paloaltonetworks.com/t5/Featured-Articles/Getting-Started-Custom-applications-and-app-override/ta-p/71635</A></P><P>&nbsp;</P><P>So with "custom application" in the security&nbsp;policy , without application-override policy, Palo&nbsp;will be scanning your app up to the Layer7.&nbsp;</P><P>When you have&nbsp;<SPAN>application-override policy with custom app in the security policy your custom app will be scanned&nbsp;up to the Layer 4, so plain TCP/UDP port match.</SPAN></P><P>&nbsp;</P><P><SPAN>Thx,</SPAN></P><P><SPAN>Myky</SPAN></P> Thu, 22 Sep 2016 18:13:13 GMT https://live.paloaltonetworks.com/t5/general-topics/custom-applications-and-application-override/m-p/115435#M45416 TranceforLife 2016-09-22T18:13:13Z https://live.paloaltonetworks.com/t5/general-topics/custom-applications-and-application-override/m-p/115912#M45437 <P>In general, you would use an application override policy if your custom application is not being correctly detected AND the PA is assigning the flow to a DIFFERENT built in application.</P><P>&nbsp;</P><P>The application override then prevents the upper layer inspection as&nbsp;Myky notes and thus prevents the mis-classification of the traffic.</P><P>&nbsp;</P><P>If you custom application successfully matches the traffic then no application override is needed.</P> Sat, 24 Sep 2016 14:12:48 GMT https://live.paloaltonetworks.com/t5/general-topics/custom-applications-and-application-override/m-p/115912#M45437 pulukas 2016-09-24T14:12:48Z https://live.paloaltonetworks.com/t5/general-topics/custom-applications-and-application-override/m-p/118451#M45628 <P>Thank you both, this is very helpful.</P> Fri, 07 Oct 2016 15:18:43 GMT https://live.paloaltonetworks.com/t5/general-topics/custom-applications-and-application-override/m-p/118451#M45628 GLorhammer 2016-10-07T15:18:43Z