App-id not working on some Apps

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

App-id not working on some Apps

L4 Transporter

I am seeing a number of applications which have definitions, but are not being identified correctly:  kaokatalk, league of legends, battle.net and guild wars to name a few.  these are showing the correct ports but showing as "unkown-tcp".  Is there some way to update these, reset the definitions, etc.?

All of my App-ids are up to date.

Thanks

Bob

3 REPLIES 3

L6 Presenter

Hi Bob.   Please open a support case and request to have these apps updated.  Thanks. 

So I found this old thread as I have the same issue with battle.net.

Runnin 8.0.5 on PA-220, no SSL decrypt.

Battle.net will not work unless I create a rule that opens traffic on application any with port tcp/1119.

 

Another issue with the battle.net app:

If you have decryption enabled, and browse to https://us.battle.net/ the PA set the app to "battle.net" and drops the traffic since port 443 is not a standard port in the app.

 

@erikda,

To get around the battle.net not working with the application being set to 'any', you'll need to monitor the log file and determine what applications are being identified. Is it getting marked as SSL, web-browsing, or something else all together? If you could figure out the IP range this traffic was going to, you could easily create an application override or simply attempt to build a more specific signature yourself completely. 

The second part is more straight forward, and is actually fairly common. Setup a security policy that allows application 'battle.net' and set the service to something that specifies tcp ports 443,80, and 1119. You'll then be perfectly fine from an application and a service standpoint. 

  • 6123 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!