https://live.paloaltonetworks.com/t5/general-topics/application-overrides/m-p/162457#M52701 <P>AppID will always try to identify the most accurate definition of an application</P> <P>&nbsp;</P> <P>so if you write a custom app that triggers on a signature, the custom app should be triggered</P> <P>if you can only provide some ports and the application behaves like web-browsing, web-browsing will be more accurate</P> <P>&nbsp;</P> <P>the 'other' way is to use app override</P> <P>&nbsp;</P> <P>why don't you want the PA's to inspect the flow? if you're accidentally hitting vulnerabilities, you can create override (in the threat/av/as), if AppID is the issue you can set up packetcapture and write signatures to properly identify the custom apps and no longer have the override issue</P> <P>&nbsp;</P> <P>here's an artiicle that may help</P> <P><A title="Getting Started: Custom applications and app override" href="https://live.paloaltonetworks.com/t5/Featured-Articles/Getting-Started-Custom-applications-and-app-override/ta-p/71635" target="_blank">Getting Started: Custom applications and app override</A></P> Wed, 21 Jun 2017 07:39:33 GMT reaper 2017-06-21T07:39:33Z https://live.paloaltonetworks.com/t5/general-topics/application-overrides/m-p/162413#M52698 <P>Hi</P><P>&nbsp;</P><P>So I ran ito the 150 application over rides limit.</P><P>&nbsp;</P><P>At my location I have a lot of java app running, they normally provide a http interface a JMX and RMI and https interface. and when you have 15 -20 of these that suchs up a lot of application override</P><P>&nbsp;</P><P>I don't want the PA's inspecting the flows.</P><P>&nbsp;</P><P>First I tried creating my custom application and provided the ports. But cause it is HTTP traffic the PA;s would classify it as web-browsing. &nbsp;I don't want this. So I found the only way to over ride this was to use applicaiton overrides.</P><P>&nbsp;</P><P>So for auditing I created an application over ride for each port and application......</P><P>&nbsp;</P><P>Now I am stuck ... added my 151 applicaiton override in panorama and tried to push out and it failed ...</P><P>&nbsp;</P><P>Now I am rethinking. &nbsp;Currenty thinking I might group my applicaiton overrides. &nbsp;For example all the applicaitons have a http port and typically a RMI and JMX port. &nbsp;I thought I could have a generic JMX port over ride and lump in all the port numbers in the application override object.</P><P>&nbsp;</P><P>then my next tricky thing was create a custom applicaiton say JMX port and sub applications say JMX app1, JMX app2.</P><P>&nbsp;</P><P>So applicaiton override would say applicaiton override is JMX and hopefully because jmx has children custom apps called jmx app1 and jmxapp2 it will pick them based upon the port number .</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>Or &nbsp;is there any other way of doing this ??</P><P>&nbsp;</P><P>is there a way to force my custom applicataions to have higher priority over the inbuild ones - especially web browser</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Wed, 21 Jun 2017 00:13:41 GMT https://live.paloaltonetworks.com/t5/general-topics/application-overrides/m-p/162413#M52698 Alex_Samad 2017-06-21T00:13:41Z https://live.paloaltonetworks.com/t5/general-topics/application-overrides/m-p/162457#M52701 <P>AppID will always try to identify the most accurate definition of an application</P> <P>&nbsp;</P> <P>so if you write a custom app that triggers on a signature, the custom app should be triggered</P> <P>if you can only provide some ports and the application behaves like web-browsing, web-browsing will be more accurate</P> <P>&nbsp;</P> <P>the 'other' way is to use app override</P> <P>&nbsp;</P> <P>why don't you want the PA's to inspect the flow? if you're accidentally hitting vulnerabilities, you can create override (in the threat/av/as), if AppID is the issue you can set up packetcapture and write signatures to properly identify the custom apps and no longer have the override issue</P> <P>&nbsp;</P> <P>here's an artiicle that may help</P> <P><A title="Getting Started: Custom applications and app override" href="https://live.paloaltonetworks.com/t5/Featured-Articles/Getting-Started-Custom-applications-and-app-override/ta-p/71635" target="_blank">Getting Started: Custom applications and app override</A></P> Wed, 21 Jun 2017 07:39:33 GMT https://live.paloaltonetworks.com/t5/general-topics/application-overrides/m-p/162457#M52701 reaper 2017-06-21T07:39:33Z