How to create a custom application for ALG apps

How to create a custom application for ALG apps

18023
Created On 09/25/18 19:30 PM - Last Modified 06/08/23 08:45 AM


Symptom


Symptoms

After matching a custom application, the Palo Alto Networks firewall cannot create the PREDICT session by ALG, which might result in  'file transfer failed on ftp data connection.'

Diagnosis

If you do not check "Continue scanning for other Applications" on a custom application, the Palo Alto Networks firewall will stop the L7 scan and hardware offload the session after matching it to the custom application.
After the session is offloaded, even if an ALG trigger packet comes to the firewall, it will not be picked-up. 

Resolution


Change a Custom Application settings following the steps below:


1. From Objects > Applications, click your custom application name in the middle section for changing the settings:
Step1.jpgClick your custom application.

2. Under the Configuration tab, click the checkbox Continue scanning for other Applications:
Step2.jpgClick the checkbox, "Continue scanning for other Applications."

3. Click OK to close the custom application window and commit to apply the settings.
Step3.jpgClose the custom application window.

 

See also


Getting Started: Custom applications and app override
https://live.paloaltonetworks.com/t5/Featured-Articles/Getting-Started-Custom-applications-and-app-override/ta-p/71635

 
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClZmCAK&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language