Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
10-22-2016 03:00 PM
Hello
Can I request to TAC to create custom application or I have to do by my self? I found this but I guest it is for public application not for internal.
http://researchcenter.paloaltonetworks.com/submit-an-application/
10-24-2016 03:16 AM
Hi,
You will have to create it yourself.
The form is to submit a new public application.
This might be useful :
Cheers !
-Kim
11-07-2016 02:32 AM
app override is used to prevent the AppID engine from kicking in
it is not necessary to use this for a custom application to work, but can be useful in certain scenarios:
-AppID wants to identify an application and you need it to be something else (there could be a custom application mechanism that conflicts with how it's parent application is supposed to work)
-the app is unknown so AppID will not be useful
for unknown applications, app override is not mandatory, it simply preserves resources by disabling AppID for a particular session
10-24-2016 03:16 AM
Hi,
You will have to create it yourself.
The form is to submit a new public application.
This might be useful :
Cheers !
-Kim
10-24-2016 04:26 AM
Hello Kiwi
So custom application is requried only when I see the unknown applicaiton in the logs? In which case I will create the app override?
10-24-2016 03:59 PM
Right, custom applications are only needed if your traffic is unknown to the PA.
Application override is different. This prevents the upper level inspections and you would use this when the PA is incorrectly categorizing your traffic as a known application. You override the categorization using these rules.
10-26-2016 09:21 AM
Thank you steve. But in PA documents and video, I saw they for unknown application, they are using appoverrride
10-29-2016 04:05 AM
Do you have the link for the video handy so I can understand the context of what they are doing there?
10-29-2016 08:07 AM
Hello Steve
An application override could be used wilth custom internal applications that use non-standard port numbers or internal applications classified by the firewall as "unknown" for which custom definitions have been created
11-06-2016 12:46 PM
@pulukas Could you please see this video, they are saying for unknown-tcp and udp you can use app-override
11-07-2016 02:32 AM
app override is used to prevent the AppID engine from kicking in
it is not necessary to use this for a custom application to work, but can be useful in certain scenarios:
-AppID wants to identify an application and you need it to be something else (there could be a custom application mechanism that conflicts with how it's parent application is supposed to work)
-the app is unknown so AppID will not be useful
for unknown applications, app override is not mandatory, it simply preserves resources by disabling AppID for a particular session
11-07-2016 03:42 AM
@reaper thank you. So for unknown applicaiton, either we can do app-override or make custom application. If traffic matches with built in application (worngly) and custom application as well, then PA will match with what? I mean builtin application or custom application?
Appreciated your reply
11-07-2016 05:31 AM
the normal flow would be like this (for example, there is a web-app you want to identify)
you create a custom app that matches a certain signature
without app override
AppID will start processing a new session
at the http/1.1 it will likely first identify web-browsing,
in one of the next packets, your signature would be hit and the app would change into your custom application
with app override:
a new session is received matching the app override rule, custom application is assigned, no logic is checked (basically like a traditional firewall without intelligence)
11-07-2016 06:49 AM
@reaper Thanks. Sorry for my ignorance but need to ask, so for my custom signature to work, I need to explicityly allow web-browing in security rule along with custom app or no need?
11-07-2016 07:21 AM
no problem!
if your custom app relies on web-browsing, yes (eg you're hosting a website and want it identified as a specific app)
if your custom app is something written from scratch, not running on top of a known protocol: no
11-07-2016 12:10 PM
@reaper so it means for all custom web applications, web-browsing has to be allowed with custom application?
11-08-2016 12:52 AM
yes, but it doesn't need to be in the same rule, as long as web-browsing is allowed somewhere in the policy, it will work
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
