How to Validate and Report Application Misidentification

How to Validate and Report Application Misidentification

29146
Created On 09/25/18 15:19 PM - Last Modified 06/15/23 21:31 PM


Environment


  • Palo Alto Firewall
  • Application

Resolution


Validate

  1. Verify the information about the application (such as behavior, dependencies, and standard port) at the Application Research Center.
  2. Check the Dynamic Updates page on the Palo Alto Networks support website for the most up-to-date versions of Application and Threats content.
  3. Ensure that the Palo Alto Networks firewall has the latest version of Application and Threats content.

 

Report

  1. Name of the application seen in traffic logs or session table
  2. Expected Application
  3. System information:
    > show system info
  4. Filtered traffic logs (.csv format) showing the misidentification
  5. Session details for one of the misidentified sessions
    > show session id <sesion id >
  6. When the issue started (for example, after installation of the App Version 379-1840)
  7. Client PCAP of the Application
  8. Application dump (see How to Get an Application PCAP)

Note: Additional troubleshooting may be required if the Palo Alto Networks support staff is unable to validate or recreate the issue.

 
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClDnCAK&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language