Creating Custom Applications - Dummies Guide?


L4 Transporter

Is there a dummies guide to creating custom applications, please?

We have a couple of "in-house" apps that always pass traffic on certain ports, always to/from a certain IP range, and I'm struggling to see how to put "something" in place that says "If this traffic is between source A and destination B and is on port XYZ it is CustomApp"?

Equally, we have a couple of apps that need a stupid amount of combinations of ports/port-ranges open. AIUI with a custom app you can only specify one port at a time? How would this work if your source and destination are always the same but the ports could be one of several hundred, i.e. the app uses port(s) 7000-76500 TCP/UDP?

Essentially I just want to not have "Unknown TCP/UDP" in the ACC for traffic matching those policies if possible.

Thanks,

Accepted Solutions

L4 Transporter

The way to do this is to use Application Override rules. You can specify a source/destination address as well as a destination port or port range and map that to a specific application. In your example you would create a custom app (don't worry about the port definition or any signatures) called CustomApp and map all traffic from your given src/dest on ports 7000-76500 to this application using an Application Override rule.

Mike
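
The matching that the accepted answer describes, sketched as an added Python example (not code from the thread or from PAN-OS). The `OverrideRule` model, the addresses and the 7000-7650 range are constructed, and one protocol per rule with first-match evaluation is an assumption; the validator also rejects port ranges outside 1-65535 and flags rules scoped to every address.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class OverrideRule:      # hypothetical model, not a PAN-OS object
    source: str          # CIDR
    destination: str     # CIDR
    protocol: str        # "tcp" or "udp"; assumed one protocol per rule
    ports: str           # "7000" or "7000-7650"
    application: str

def parse_ports(spec):
    """Return (low, high) for 'N' or 'N-M'; ValueError outside 1..65535."""
    low, _, high = spec.partition("-")
    lo, hi = int(low), int(high or low)
    if not 1 <= lo <= hi <= 65535:
        raise ValueError(f"invalid port range {spec!r}")
    return lo, hi

def validate(rule):
    """List the problems in a rule definition (empty list means usable)."""
    problems = []
    try:
        parse_ports(rule.ports)
    except ValueError as exc:
        problems.append(str(exc))
    for net in (rule.source, rule.destination):
        if ipaddress.ip_network(net).prefixlen == 0:
            problems.append(f"{net} matches every address")
    return problems

def classify(rules, src, dst, protocol, dport):
    """First valid matching rule names the app; otherwise unknown-<protocol>."""
    for r in rules:
        if validate(r):
            continue  # skip definitions that fail validation
        lo, hi = parse_ports(r.ports)
        in_scope = (ipaddress.ip_address(src) in ipaddress.ip_network(r.source)
                    and ipaddress.ip_address(dst) in ipaddress.ip_network(r.destination))
        if in_scope and r.protocol == protocol and lo <= dport <= hi:
            return r.application
    return f"unknown-{protocol}"

# Constructed sample rules: one per protocol for the same address pair.
RULES = [
    OverrideRule("10.10.0.0/24", "10.20.0.0/24", "tcp", "7000-7650", "CustomApp"),
    OverrideRule("10.10.0.0/24", "10.20.0.0/24", "udp", "7000-7650", "CustomApp"),
]
OUT_OF_RANGE = OverrideRule("10.10.0.0/24", "10.20.0.0/24", "tcp", "7000-76500", "CustomApp")
```
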

Brilliant thanks Mike - I was coming at it from the wrong angle and assuming I'd need to know a lot of low-level detail to create the custom app, so all I've done is fill in the new app detail using the basics and used the starting TCP port as it won't let me specify a range in an app.

Right now this isn't an issue, but is there any way to define an override against a URL/set of URLs vs. a "raw" IP address or network?  It's something I can foresee for a couple of things we may be using.

Thanks.

Hmm I spoke a little too soon - the rule works and classifies traffic, but on the ACC page all I have for "risk" is a little white square - there is no risk rating listed, even though on the objects/applications it shows with the expected green "1" icon.

Why might this be please?

I tried changing the risk to "2" just to see if it's some weird caching/rendering thing but it does it consistently in Chrome/Firefox/IE, just a white box.

If I look at the properties of the white box it's "risk_0.gif" though when I click the application to break down the ACC view it definitely shows with whatever risk level I give it.

This is a known bug. It has been addressed in the upcoming PAN-OS 3.1. It should not affect the behavior of the application, only the displayed risk in ACC.

Mike
