Creating custom app in Panorama with reserved names disables antivirus inspection

by mivaldi on 10-03-2017 01:41 PM - edited on 10-03-2017 02:19 PM

Symptoms

A warning is raised during a 'Commit All' job pushed from Panorama to a managed firewall (two examples):

Warning: Profile compiler : Default Modified Alerting app http virus ident is disabled
Warning: Profile compiler : Default Modified Alerting app smb virus ident is disabled

The firewall no longer triggers Antivirus or WildFire-Virus signatures for http or smb.

Diagnosis

A Custom Application is defined in Panorama, named 'http' or 'smb', and was pushed down to managed devices.

The issue is most likely to occur when users want to override the default application name 'web-browsing' to show as 'http', or the default application name 'ms-ds-smb' to show as 'smb'.

The issue is not observed if the Custom Application named 'http' or 'smb' is defined locally on the firewall, since that produces a Commit failure. A 'Commit All' job from Panorama, however, is allowed to succeed.

The issue affects all current PAN-OS versions.

Solution

Delete the custom app in Panorama, or rename it from 'http' to 'http-custom' or from 'smb' to 'smb-custom'.

Commit to Panorama and Push to affected managed devices.

This problem is currently being worked under issue ID: PAN-84703.
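
One way to check for this condition before and after a push, as an added example that is not part of the original article or vendor code: the first function extracts the affected decoders from commit warnings in the format quoted under Symptoms, and the second scans an exported Panorama configuration for custom applications named 'http' or 'smb'. The XML layout (custom apps as entry elements under the shared or device-group application node), the function names and the sample data are assumptions.

```python
import re
import xml.etree.ElementTree as ET

# The two names the article identifies as causing the problem.
RESERVED = {"http", "smb"}

# Matches the commit warning format quoted in the article.
WARNING_RE = re.compile(
    r"Warning: Profile compiler : (?P<profile>.+?) app (?P<app>\S+) virus ident is disabled"
)

def disabled_decoders(job_output):
    """Return (profile, app) pairs for each 'virus ident is disabled' warning."""
    return [(m["profile"], m["app"]) for m in WARNING_RE.finditer(job_output)]

def reserved_custom_apps(config_xml):
    """Return (scope, name) for custom applications whose name is reserved.
    Assumed layout: custom apps are <entry> children of <application>
    under <shared> or under a <device-group> <entry>."""
    root = ET.fromstring(config_xml)
    hits = []
    for app in root.iterfind("./shared/application/entry"):
        if app.get("name") in RESERVED:
            hits.append(("shared", app.get("name")))
    for dg in root.iterfind("./devices/entry/device-group/entry"):
        for app in dg.iterfind("./application/entry"):
            if app.get("name") in RESERVED:
                hits.append((dg.get("name"), app.get("name")))
    return hits

# Constructed sample data, for illustration only.
SAMPLE_JOB = """\
Warning: Profile compiler : Default Modified Alerting app http virus ident is disabled
Warning: Profile compiler : Default Modified Alerting app smb virus ident is disabled
"""
SAMPLE_CONFIG = """\
<config>
  <shared><application>
    <entry name="http"/>
    <entry name="http-custom"/>
  </application></shared>
  <devices><entry name="localhost.localdomain"><device-group>
    <entry name="branch-dg"><application><entry name="smb"/></application></entry>
  </device-group></entry></devices>
</config>
"""
```

Running `reserved_custom_apps` on a configuration export before a 'Commit All' flags the offending entries and their scope; running `disabled_decoders` on the job output afterwards confirms whether any managed firewall was affected.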
