This might be a dumb question but I am having trouble cloning the Oracle application in the GUI. I have admin rights, there are no pending changes, and I've tried this from 2 different browsers. I find the application and there is a clone button below it. Unfortunately there is no way I can see to select the app. There is no check box, and when I click the app it doesn't stay selected. When I click the clone button I get an error "Please select an application to clone." See attached picture. Is this a bug or am I just doing something dumb? Thanks, Justin
In my lab environment (running 3.1.7) I can only clone custom applications (i.e. applications that I have created from scratch).
The applications that were added as part of the weekly application/threat content updates from Palo Alto Networks only have limited customizability and cannot be cloned. You would need to create a custom application that mimics the characteristics of the Oracle application and customize it per your requirements.
I need to bump this topic again.
I understand that only custom apps can be cloned, but what is the reason for this?
It's quite a "pain" when you just want to change a tiny thing, e.g. create a custom app "good DNS" with a risk of 1 and a policy to allow good DNS to a range of name servers only.
This would require taking a screenshot of the existing DNS app and creating it from scratch instead of just cloning it and changing the name and risk. We also need to get our heads around the app signature, which is not shown in the default apps.
Is the reason that the "logic" behind the apps would be the same and could confuse PA? I mean, if I only allow "good dns" in the policy there is additional information like destination group, etc.
Am I missing something here?
I don't see a need to clone the built-in application. The signatures cannot be changed. Therefore traffic will only match one signature. If you need to customize the DNS risk level you can change the risk level in the application. But if you need to create a new application specific to "good dns" you'll need to create a custom signature for the traffic that would be more specific than that of 'dns'.
In the custom application you can clone and change the signature and keep the additional settings but change the signature so that the application is matched differently.
In the event that you are creating a custom application without a signature (e.g. for application override) it may be a little annoying to have to create a new application and add all of the characteristics of the built-in application.
I understand your concept of App override, but this is not what I want.
Let's say I have two internal DNS Servers and I want to make sure all clients / servers use these two servers for DNS.
Those servers are configured with the Google name servers as forwarders.
DNS has a risk of 4 by default, but as the two servers are under my control and let's say I trust Google, I want to assign this a risk of 1 or 2 and not 4, but all other DNS traffic (using the default DNS AppID) still has a risk of 4 and gets blocked.
So I'd like to clone the default DNS AppID including its signature (without it, it's somewhat useless as it refers to port only) and assign it a risk of let's say 2 and name it "known good DNS".
I then make a rule to allow "known good DNS" between the servers mentioned above and a block rule for DNS in general.
Doing so would allow me to stay with the concept of App ID.
Am I missing something or am I misunderstanding the concept?