topic Re: How does it identify unknown application where about flow logic? in General Topics

How does it identify unknown application where about flow logic?

SilverTiger — Sat, 07 Sep 2013 11:45:52 GMT

Hello everyone;~

I am very curious

refer to bottom image~

Where is the unknown application where?

I guess that PA App-id check application signatures for the first time

and than If PA doesn't know app, PA App-id might move Heuristics engine;

and If PA try what could be checked at the engine;;

Does PA change unknown-tcp or unknow-udp?

I haven't been lookup any document about unknow application flow logic

T-T

UhMayYeah — Sat, 07 Sep 2013 15:08:07 GMT

Pattern-Based Application Identification occurs in the App_ID Engine.

If a matching signature is not found in the Application Database the Application is identified as either unknown-tcp, unknown-udp, or non-syn-tcp.

For applications changing from one to another, Identification is done via protocol decoding in content inspection.

For detailed Packet Flow :ReferPacket Flow in PAN-OS

SilverTiger — Sun, 08 Sep 2013 00:41:41 GMT

Hello akawimandan~

As I told me,,

For applications changing from one to another, Identification is done via protocol decoding in content inspection.

as far as I know that PA has two engine(App-id, Content)

When Someone connect facebook, Does always PA flow Content Engine,,?

and than also I have another question~

I guess that unknown-tcp, unknown-udp, or non-syn-tcp.

Finally, When PA check Heuristic Engine to know application

eventually PA doesn't find application

Does the traffic return to check [application signatures]?

because, I think so, There are unknown-tcp, unknown-udp, or non-syn-tcp signatures

^_^;;; I don't know exactly App-id Engine

I am also used to red uploaded documents by you