Applipedia is the application database that Palo Alto Networks uses along with App-ID to identify applications traveling through your Palo Alto Networks firewall.
Applipedia can be found in two separate locations:
Inside the Palo Alto Networks firewall web interface, go to the Objects tab (1) > Applications section (2)
On the website, here is what it will look like:
At the top of the screen, you will see the top application browser area of the page that lists the attributes you can use to filter the display. The number to the left of each entry represents the total number of applications with that attribute. Everything is alphabetically listed. When you click on anything below the title (Category, Subcategory, Technology, Risk, or Characteristic), it will become a filter and change out what is listed in the Applications page below.
NOTE: If you want to reset any filters, please click the "Clear Filters" button at the top of this section to reset the view.
The Applications page lists various attributes of each application definition, including:
One of the attributes listed is the application’s relative security risk (1 to 5). The risk value is based on criteria such as whether the application can share files, is the application prone to misuse, or does the application try to evade firewalls. Higher values indicate higher risk.
Both locations are going to show you about 99% the same information, other than the "Standard Ports" column not being displayed on the Applipedia website. Functionality to search and drill down will remain the same.
NOTE: Any custom applications created on the device or pushed down from Panorama will not show up in the online Applipedia.
Applications section – Web Page
Applipedia is used to gather information about the applications passing through your Palo Alto Networks firewall. Applipedia can be a wonderful tool to help you be very specific about what applications you do and do not want to pass through your firewall.
The advantage of this tool is that you have the ability to research what applications use similar ports or similar behavior. Everything in the Search and Category Browser section is clickable, allowing you to be able to go through and drill down to get more info.
Let's say you want to see all the applications that we have for the subcategory "Email." You will notice that there are 89 different applications listed. If you click on "89 email," then you will likely see something like this:
Did you notice how all the information changed? Now it says "89 matching applications." The Category area changed, and you now see the 89 applications listed at the bottom part of the screen.
Let's use Hotmail as an example to look at next. Scroll down the list until you find the "hotmail" application.
You will notice the following information displayed:
The name and description are straightforward, giving you information on what this application is. If you want more information on this application, you will see three external links for Wikipedia, Google, and Yahoo.
The standard ports are listed next. This will show you the ports that this application uses, and it can come in handy when you need to confirm what ports need to be opened up to allow this application to function properly.
Last is the "Depends on Applications" and "Implicitly Use Applications" area. This is the area that will list out the applications that this app specifically needs to have allowed in order to work properly.
To learn more about Application dependency, please review this article: What is Application Dependency?
You will also see the following sections:
The Characteristics section shows you the application's characteristics (yes or no):
All of these sections are visible on both the web page and the Web Interface except for the "Risk and Options" section. As long as you are logged in to the web interface with admin rights, you have the ability to change the timeout options PER APPLICATION. This is perfect if you need to adjust the TCP timeout value for a specific application but do not want to change it for ALL TCP applications. Just think of the web version of Applipedia as a Read Only version of the web interface of Applipedia.
Thanks for taking time to read this blog.
Don't forget to hit that Like (thumbs up) button and don't forget to subscribe to the LIVEcommunity Blog.
Stay Secure,
Kiwi out!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
| Subject | Likes |
|---|---|
| 8 Likes | |
| 3 Likes | |
| 2 Likes | |
| 2 Likes | |
| 2 Likes |
