This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Creating a Custom Application using a VLAN tag as the signature

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Creating a Custom Application using a VLAN tag as the signature

Ivory.Desper
L0 Member

‎03-06-2017 06:59 AM

All,

 

I am trying to create a custom application that will be used for a rule instead of having to use standard ports.  All traffic for this application is being tagged  with a 802.1Q virtual Lan , PRI: 0, CFI 0, ID: XXX.  I have tried creating a signature to trigger on this vlan ID with no success. Every signature type i use has not worked to this point.   Has anyone ran into this problem and came up with a solution for this.  Any help would be appriciated.  Thanks.

0 Likes Likes
3 REPLIES 3

BenjAudy.MTL
L4 Transporter

‎03-06-2017 01:12 PM

Hi,

 

The VLAN tag is part of the Ethernet frame and is used for networking, so I doubt Palo Alto Networks will ever offer the ability to create a custom application signature based on it.

 

What is the original problem that made you want to have a custom app based on a VLAN tag?

 

Benjamin

0 Likes Likes

goku123
L7 Applicator
In response to BenjAudy.MTL

‎03-06-2017 01:19 PM

As Baudy pointed out, the custom signature contexts are exposed to target mostly layer7 payload patterns.

VLAN tags at layer2 are not currently available to match a custom signature pattern against.

0 Likes Likes

Lucky
L5 Sessionator

‎03-07-2017 02:45 AM - edited ‎03-07-2017 02:46 AM

Hi, and welcome to our forums.

 

While other correctly pointed out this cannot be tagged as custom application; what you could do, in order to manipulate traffic from particular XXX vlan, is to create a .XXX sub-interface on the layer3 interface where trunked and tagged traffic is arriving, and add it to a separate new zone, than create traffic policies (whatever you need, blocking, allowing, alerting...) applied for that particular zone.

I believe my understanding is correct - you have trunk on some interface and some of the traffic is tagged, you wanted to manipulate it in a particular way (so you wanted to create a custom app) - this way, you will see all the traffic, and you can still create a custom app just based on the ports or the port ranges of the layer 4, without furhter complication.

 

Am I right and does this help? If not, can you try to explain what are you trying to achieve - perhaps we can solve it in a different way.

 

Best regards

Luciano

0 Likes Likes
  • 2775 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks