https://live.paloaltonetworks.com/t5/general-topics/application-override/m-p/215093#M62450 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/53640">@sidalpha2000</a>,</P><P>Can you rephrase your question a little bit. Not sure what you are actually asking here.&nbsp;</P> Tue, 22 May 2018 20:14:10 GMT BPry 2018-05-22T20:14:10Z https://live.paloaltonetworks.com/t5/general-topics/application-override/m-p/115572#M45422 <P>Hi there,</P><P>&nbsp;</P><P>My client has an internal application that doesn't need App-ID (Layer 7) scans for better performance.</P><P>&nbsp;</P><P>When I created the Application Override, under the "Protocols/Application" tab, there are 2 fields, one is Port and the other is Application.&nbsp; I am very confused on these two fields.</P><P>&nbsp;</P><P>Port - Is it saying traffic utilizing my defined port (say TCP 21) will now bypass the App-ID engine? Or is it saying traffic will now be forced operate over TCP port 21? Or is it saying any traffic passing through as TCP 21 will now be classified as my pre-defined custom App (e.g. Say Client_FTP)?</P><P>&nbsp;</P><P>Application - Is it saying traffic matching my pre-defined custom App (e.g. Say Client_FTP) will now bypass the App-ID engine?</P><P>&nbsp;</P><P>I look through many online documentation but all it says is put in port &amp; application, without much explanation.</P><P>&nbsp;</P><P>Appreciated if anyone can shed some light on this.</P><P>&nbsp;</P><P>Cheers,</P><P>Hunt</P> Fri, 23 Sep 2016 03:30:21 GMT https://live.paloaltonetworks.com/t5/general-topics/application-override/m-p/115572#M45422 huntlee 2016-09-23T03:30:21Z https://live.paloaltonetworks.com/t5/general-topics/application-override/m-p/115750#M45430 <P>An app override policy is very similar to a standard firewall security policy. &nbsp;With firewall policy, you define match criteria (source/dest/app/port/etc.) and if traffic matches the policy, then you get the resulting action (allow/deny). &nbsp;</P><P>&nbsp;</P><P>With application override, you define the match criteria and the firewall will OVERRIDE the detected application. &nbsp;Go to Objects / Applications, and "Add" a new application. &nbsp;You don't need to make layer-7 signatures for this new application, just give it a name and fill out the basics.</P><P>&nbsp;</P><P>Then, in your Application Override policy,&nbsp;you'll define the match criteria:</P><P>&nbsp;- source: internal systems</P><P>&nbsp;- destination: server1</P><P>&nbsp;- port: tcp21</P><P>&nbsp;- APPLICATION: (use the new one you just defined)</P><P>&nbsp;</P><P>You don't have to have all tcp/21 traffic overridden... just tcp21 traffic from your internal systems to the specific server.</P><P>&nbsp;</P><P>You will also need to edit your security policy and permit traffic from internal systems to server1 using the newly-defined application on tcp/21. &nbsp;</P><P>&nbsp;</P> Fri, 23 Sep 2016 15:12:36 GMT https://live.paloaltonetworks.com/t5/general-topics/application-override/m-p/115750#M45430 jvalentine 2016-09-23T15:12:36Z https://live.paloaltonetworks.com/t5/general-topics/application-override/m-p/215065#M62439 <P>Which event will happen if an administrator uses an Application Override Policy</P> Tue, 22 May 2018 19:09:58 GMT https://live.paloaltonetworks.com/t5/general-topics/application-override/m-p/215065#M62439 sidalpha2000 2018-05-22T19:09:58Z https://live.paloaltonetworks.com/t5/general-topics/application-override/m-p/215093#M62450 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/53640">@sidalpha2000</a>,</P><P>Can you rephrase your question a little bit. Not sure what you are actually asking here.&nbsp;</P> Tue, 22 May 2018 20:14:10 GMT https://live.paloaltonetworks.com/t5/general-topics/application-override/m-p/215093#M62450 BPry 2018-05-22T20:14:10Z