application override not working

Reply
Highlighted
L2 Linker

application override not working

Hi,

We configured Palo Alto in vwire mode between our head office and branches. Setup is like  Core <--> PA3050 <--> WAN Switch. There is a specific application that is not working and we create custom application by defining the destination port. We create application override and security policy to allow the specific application but its not working.The application is bank ATM, teller machines. Any help is appreciated.

Thanks,

MBS

Highlighted
L5 Sessionator

Re: application override not working

Can you share the application override application that you have configured ? And also send us the output of the session when it goes through firewall :

show session all filter source <source-ip> destination <destination-ip> destination-port <port-number>

Also attach the security policy which allows this traffic? Is this application tcp or udp? Also is it recognized as unknown-tcp/udp or some other application? Thank you.

Highlighted
L2 Linker

Re: application override not working

Hi ssharma,

Just found out that the teller machines are using sna protocol. Is this supported by PAN?

Thanks,

MBS

Highlighted
L5 Sessionator

Re: application override not working

For application override protocol should be either tcp or udp, that might be the reason why it is not working.

Highlighted
L7 Applicator

Re: application override not working

Hello mbs.admin,

In order to apply an Application override policy on a PAN firewall, you have to create a custom application ( How to Create an Application Override Policy) . But, the application should use UDP/TCP/ICMP protocol to override it. Since SNA is not using TCP/UDP/ICMP, that could be the reason it's not working.

Thanks

Highlighted
L2 Linker

Re: application override not working

Hi HULK/ssharma,

Yes, agree application override will not work with this kind of protocol. Any suggestions how we can bypass sna protocol? We deploy PA in vwire mode.

Thanks,

MBS

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!