App id

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

App id

L2 Linker

Hello,

I have a question about app id.

 

The App-ID description contains a Deny Action description of the action taken.

 

Whatever action is imposed by the security policy, the flow will follow the action of the App Id?

3 REPLIES 3

Cyber Elite
Cyber Elite

@Sarou22,

This depends on what security rule the traffic is hitting and the action applied to that rule. You can learn more about how this actually works by looking at the action documentation HERE, but in short you can override the application default deny action by specifying anything other than deny in your policy.

If in my policy action is drop

and the App Id action is deny reset.

Which action will the firewall choose?

Cyber Elite
Cyber Elite

The deny action in APP-ID will customize what the firewall does if you create a deny security rule:

 

The allow, drop, and reset actions will set the same action for all sessions

The Deny action however, will block the connection, but will apply the action dictated by the app-id

This means that some applications will cause RST packets to be sent when blocked, while others may be silently discarded

 

 

Screenshot (1).png

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization
  • 942 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!