topic Application Risk level in General Topics

Application Risk level

jdprovine — Thu, 16 Nov 2017 19:14:01 GMT

What happens when you change an application risk number from a 5 to a 1? Does this just change the read out of your risk level or does it change the way the firewall acts on the application?

Re: Application Risk level

gwesson — Thu, 16 Nov 2017 19:38:31 GMT

Application risk levels are only cosmetic, they do not directly affect any action on the firewall. So if you change one, it is just a visual change.

If you create an Application Filter that uses the risk level as its trigger, then any changes you make to an app's risk level will be calculated there as well.

Re: Application Risk level

jdprovine — Thu, 16 Nov 2017 19:53:55 GMT

@gwesson

that is what I thought but one of my coworker is changing them but I don't think it is gaining him anything other a lower risk rating. I think if you did an application override you would get different results

Re: Application Risk level

BPry — Thu, 16 Nov 2017 21:42:21 GMT

@jdprovine,

What exactly is your coworker trying to do? Lowering the risk level, and overall fine-tuning the risk to your environment, is nice to do in a handful of situations. Application filters are effected if you built them by risk, Risk reports will probably mirror the environment you are in, and some other benefits.

Most of the installs I've seen don't take the time to do anything with Application Risk levels, but if you aren't decrypting traffic lowing the risk level of web-browsing and SSL could give you nicer looking management reports.

Re: Application Risk level

jdprovine — Fri, 17 Nov 2017 13:53:33 GMT

@BPry

I am not sure what his point is but I am going to talk to them today and clarify that it is only making cosmetic changes, it is not changing the way the PA acts on that app. I think he may mistaken the recommendation of the SE to make sure that regularly used application be allowed through the firewall.