I am trying to create a custom application that will be used for a rule instead of having to use standard ports. All traffic for this application is being tagged with a 802.1Q virtual Lan , PRI: 0, CFI 0, ID: XXX. I have tried creating a signature to trigger on this vlan ID with no success. Every signature type i use has not worked to this point. Has anyone ran into this problem and came up with a solution for this. Any help would be appriciated. Thanks.
The VLAN tag is part of the Ethernet frame and is used for networking, so I doubt Palo Alto Networks will ever offer the ability to create a custom application signature based on it.
What is the original problem that made you want to have a custom app based on a VLAN tag?
As Baudy pointed out, the custom signature contexts are exposed to target mostly layer7 payload patterns.
VLAN tags at layer2 are not currently available to match a custom signature pattern against.
Hi, and welcome to our forums.
While other correctly pointed out this cannot be tagged as custom application; what you could do, in order to manipulate traffic from particular XXX vlan, is to create a .XXX sub-interface on the layer3 interface where trunked and tagged traffic is arriving, and add it to a separate new zone, than create traffic policies (whatever you need, blocking, allowing, alerting...) applied for that particular zone.
I believe my understanding is correct - you have trunk on some interface and some of the traffic is tagged, you wanted to manipulate it in a particular way (so you wanted to create a custom app) - this way, you will see all the traffic, and you can still create a custom app just based on the ports or the port ranges of the layer 4, without furhter complication.
Am I right and does this help? If not, can you try to explain what are you trying to achieve - perhaps we can solve it in a different way.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!