I have new application.
I need to know what is the difference between application override policy and the security policy by using the service port number both are stateful inspection firewall at Layer-4?
Allows you to select a Layer 4 (TCP or UDP) port for the application. You can choose any, specify a port, or use application-default to permit use of the standards-based port for the application.
Identify sessions that you do not want processed by the App-ID engine, which is a Layer-7 inspection. Traffic matching an application override policy forces the firewall to handle the session as a regular stateful inspection firewall at Layer-4.
the service port let's you determine on which port TCP is allowed to connect
so if you set port 80, tcp is allowed to connect on pot 80, app-id can then determine if the session is web-browsing or ftp os ssh or something else. because you allowed port 80, the session will be allowed through and app-id will simply identify the app
if you use application-default, app-id will use it's knowledge of the data flow to determine if the port it sees in the tcp session matches what it sees in the payload, so if a tcp session on port 80 comes in, that's fine, but after it sends payload and app-id determines that the session is actually LDAP, it will drop the connection as it is using a non-default port
in both the above cases, app-id will keep track of the flow and make sure the application is behaving as expected, applying the right heuristics etc to determine if there are any threats or application switches happening
application-override tells app-id and content-id (if used with a custom app) to not inspect a session at all and simply label it as the custom app. so if you set app override on port 80, that opens up port 80 to all underlying applications and threats
I would suggest to stay away from overrides if you can. They bypass the threat engine so there could be potentially malicious traffic.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!