application override not working

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

application override not working

L2 Linker

Hi,

We configured Palo Alto in vwire mode between our head office and branches. Setup is like  Core <--> PA3050 <--> WAN Switch. There is a specific application that is not working and we create custom application by defining the destination port. We create application override and security policy to allow the specific application but its not working.The application is bank ATM, teller machines. Any help is appreciated.

Thanks,

MBS

5 REPLIES 5

L5 Sessionator

Can you share the application override application that you have configured ? And also send us the output of the session when it goes through firewall :

show session all filter source <source-ip> destination <destination-ip> destination-port <port-number>

Also attach the security policy which allows this traffic? Is this application tcp or udp? Also is it recognized as unknown-tcp/udp or some other application? Thank you.

L2 Linker

Hi ssharma,

Just found out that the teller machines are using sna protocol. Is this supported by PAN?

Thanks,

MBS

For application override protocol should be either tcp or udp, that might be the reason why it is not working.

Hello mbs.admin,

In order to apply an Application override policy on a PAN firewall, you have to create a custom application ( How to Create an Application Override Policy) . But, the application should use UDP/TCP/ICMP protocol to override it. Since SNA is not using TCP/UDP/ICMP, that could be the reason it's not working.

Thanks

L2 Linker

Hi HULK/ssharma,

Yes, agree application override will not work with this kind of protocol. Any suggestions how we can bypass sna protocol? We deploy PA in vwire mode.

Thanks,

MBS

  • 4960 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!