topic Re: URGENT: Custom Application issue. in General Topics

URGENT: Custom Application issue.

sahithyan.subbu — Thu, 20 Feb 2020 15:38:53 GMT

Hi peeps,

I have created a custom application for a particular TCP port and added that particular application in to my security policy, but traffic gets hit to deny policy. It works only when i do App override but it is not recommended to do app override. Is there any way to achieve it without App-Override or its mandatory to create a App-Override for custom applications. ?

Also Please Share me the KB articles if it got any info's related to my query.

Re: URGENT: Custom Application issue.

OtakarKlier — Thu, 20 Feb 2020 17:59:40 GMT

Hello,

Could be something wrong with the regex? I honestly dont use any custom apps or app overrides because they are more hassle for me anyway.However here are a few articles that I'm sure you've already gone over that may help?

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClRoCAK

https://docs.paloaltonetworks.com/pan-os/u-v/custom-app-id-and-threat-signatures/custom-application-and-threat-signatures/create-a-custom-application-signature.html

Regards,

Re: URGENT: Custom Application issue.

umar00o — Fri, 21 Feb 2020 08:41:11 GMT

I had a similar issue where I have a main rule to allow Facetime, itunes etc. For some reason even I had stun added to the same security rule, it was getting denied by the default rule. So what I did was created a another security rule on top and added the stun app seperately which fixed the issue.May be you can try this.

Re: URGENT: Custom Application issue.

BPry — Fri, 21 Feb 2020 21:45:42 GMT

@sahithyan.subbu,

I would look at the information that @OtakarKlier linked too, but the most important thing is just to identify that your signature/s are properly being matched to the traffic.

If you haven't configured any signatures on your custom application, you'll need to utilize application override to actually get things to map correctly. Without a signature assigned to the custom application there isn't anything to tell the firewall that the traffic is supposed to match this application.

Re: URGENT: Custom Application issue.

sahithyan.subbu — Fri, 28 Feb 2020 07:17:33 GMT

@BPry

Yeah, exactly. i do agree that. There is no other option or a way to workaround, that is how the packets get processed in Firewall during the APP inspection. Either we have to map the signature to the custom App or we can do App override.