This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Custom App-ID vs "Unknown-UDP"

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Custom App-ID vs "Unknown-UDP"

DPoppleton
L3 Networker

‎03-15-2017 07:48 AM

If I create a custom app-id for an application we use, will it no longer match the "unknown-udp" (which we block)? Or do I need to do an application override as well?

0 Likes Likes
6 REPLIES 6

TranceforLife
L6 Presenter

‎03-15-2017 08:02 AM - edited ‎03-15-2017 08:03 AM

If you create a custom app and your traffic matching your NEW application then no need to override it. APP Override as easy as I can explain is inspection up to layer 4 (TCP/UDP ports). After traffic is hitting correct port your app is identified so no  other checks applies by app id if that makes sense :0

0 Likes Likes

DPoppleton
L3 Networker
In response to TranceforLife

‎03-15-2017 08:11 AM

Thank you, that is the best explanation I've seen and I have been searching around for a while!

 

I'll give the new App-ID a try.

0 Likes Likes

TranceforLife
L6 Presenter
In response to DPoppleton

‎03-15-2017 08:14 AM - edited ‎03-15-2017 08:15 AM

The video below will help you to create a custom app:

 

https://www.youtube.com/watch?v=CwXdWJpw0UY

 

If the custom app (on its own) wouldn't work when add a app override policy so app id  inspection will be only up to layer 4.

0 Likes Likes

reaper
Cyber Elite
Cyber Elite
In response to TranceforLife

‎03-16-2017 02:42 AM

please check this article also: Getting Started: Custom applications and app override

 

If you are able to add any sort of signature to help identify your session, the custom app will function like any other application AppID can identify

if this is not possible, an app override may be required to force the app to be identified as your custom app (but this will restrict content scanning)

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization
0 Likes Likes

DPoppleton
L3 Networker
In response to reaper

‎03-16-2017 11:55 AM

I have a 24 byte string the client always sends to open the communication. I have created a custom app-id, but the user is out until next week so I have to wait to see if it works.

0 Likes Likes

DPoppleton
L3 Networker
In response to DPoppleton

‎03-24-2017 01:15 PM

I've given up on the app id.. from what I have read in the documentation the 24-byte string in the beginning of the communication isn;t enough. I had to do an "unknown-req-udp-payload" context. To use that you have to use the full payload to match, but the full packet isn't always the same.

 

So off to override land I go.

0 Likes Likes
  • 3337 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks