I have an application override setup and it is working fine. The reason for the override is because we changed the port number of the application to something other than the default.
The way I have this setup is I created a customer application and then setup an application override policy.
My question deals with the override policy. I have the policy currently pointing to the customer application I created. I understand that by doing this, threat protection is bypassed. Since there is a built-in application for what I want, should I be selecting that instead of the custom application that was created.? My gut says yes. My only hesitation is that the built-in app assumes the original port number and not the one that I need.
Will using the build-in application in the policy still allow me to use the non-standard port and achieve threat protection?
Thanks in advance...
If you stick with the default application, add the new port(s) to service in the same security rule (instead of using application-default), then the threat protection is working as expected.
We also have some applications that are using ports other than the standard ports. What we have done is to change the rule associated with the application to use the standard application and we set the specific ports we are using as the service in that rule. This way we get the traffic identified and limit it to our ports.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!