Application Override

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Application Override

L0 Member

Hi there,

 

My client has an internal application that doesn't need App-ID (Layer 7) scans for better performance.

 

When I created the Application Override, under the "Protocols/Application" tab, there are 2 fields, one is Port and the other is Application.  I am very confused on these two fields.

 

Port - Is it saying traffic utilizing my defined port (say TCP 21) will now bypass the App-ID engine? Or is it saying traffic will now be forced operate over TCP port 21? Or is it saying any traffic passing through as TCP 21 will now be classified as my pre-defined custom App (e.g. Say Client_FTP)?

 

Application - Is it saying traffic matching my pre-defined custom App (e.g. Say Client_FTP) will now bypass the App-ID engine?

 

I look through many online documentation but all it says is put in port & application, without much explanation.

 

Appreciated if anyone can shed some light on this.

 

Cheers,

Hunt

3 REPLIES 3

L7 Applicator

An app override policy is very similar to a standard firewall security policy.  With firewall policy, you define match criteria (source/dest/app/port/etc.) and if traffic matches the policy, then you get the resulting action (allow/deny).  

 

With application override, you define the match criteria and the firewall will OVERRIDE the detected application.  Go to Objects / Applications, and "Add" a new application.  You don't need to make layer-7 signatures for this new application, just give it a name and fill out the basics.

 

Then, in your Application Override policy, you'll define the match criteria:

 - source: internal systems

 - destination: server1

 - port: tcp21

 - APPLICATION: (use the new one you just defined)

 

You don't have to have all tcp/21 traffic overridden... just tcp21 traffic from your internal systems to the specific server.

 

You will also need to edit your security policy and permit traffic from internal systems to server1 using the newly-defined application on tcp/21.  

 

Which event will happen if an administrator uses an Application Override Policy

@sidalpha2000,

Can you rephrase your question a little bit. Not sure what you are actually asking here. 

  • 3035 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!