topic Re: Application Override in General Topics

Application Override

sgoethals — Sun, 10 Nov 2019 14:32:30 GMT

Hi All,

I have an application override setup and it is working fine. The reason for the override is because we changed the port number of the application to something other than the default.

The way I have this setup is I created a customer application and then setup an application override policy.

My question deals with the override policy. I have the policy currently pointing to the customer application I created. I understand that by doing this, threat protection is bypassed. Since there is a built-in application for what I want, should I be selecting that instead of the custom application that was created.? My gut says yes. My only hesitation is that the built-in app assumes the original port number and not the one that I need.

Will using the build-in application in the policy still allow me to use the non-standard port and achieve threat protection?

Thanks in advance...

Re: Application Override

JoergSchuetter — Sun, 10 Nov 2019 15:13:17 GMT

Hello

If you stick with the default application, add the new port(s) to service in the same security rule (instead of using application-default), then the threat protection is working as expected.

Re: Application Override

BruceBennett — Sun, 10 Nov 2019 16:47:15 GMT

We also have some applications that are using ports other than the standard ports. What we have done is to change the rule associated with the application to use the standard application and we set the specific ports we are using as the service in that rule. This way we get the traffic identified and limit it to our ports.