My client has an internal application that doesn't need App-ID (Layer 7) scans for better performance.
When I created the Application Override, under the "Protocols/Application" tab, there are 2 fields, one is Port and the other is Application. I am very confused on these two fields.
Port - Is it saying traffic utilizing my defined port (say TCP 21) will now bypass the App-ID engine? Or is it saying traffic will now be forced operate over TCP port 21? Or is it saying any traffic passing through as TCP 21 will now be classified as my pre-defined custom App (e.g. Say Client_FTP)?
Application - Is it saying traffic matching my pre-defined custom App (e.g. Say Client_FTP) will now bypass the App-ID engine?
I look through many online documentation but all it says is put in port & application, without much explanation.
Appreciated if anyone can shed some light on this.
An app override policy is very similar to a standard firewall security policy. With firewall policy, you define match criteria (source/dest/app/port/etc.) and if traffic matches the policy, then you get the resulting action (allow/deny).
With application override, you define the match criteria and the firewall will OVERRIDE the detected application. Go to Objects / Applications, and "Add" a new application. You don't need to make layer-7 signatures for this new application, just give it a name and fill out the basics.
Then, in your Application Override policy, you'll define the match criteria:
- source: internal systems
- destination: server1
- port: tcp21
- APPLICATION: (use the new one you just defined)
You don't have to have all tcp/21 traffic overridden... just tcp21 traffic from your internal systems to the specific server.
You will also need to edit your security policy and permit traffic from internal systems to server1 using the newly-defined application on tcp/21.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!