Does "Unknown-udp" app allow any UDP Packets?

L2 Linker


Does the "unknown-udp" application allow any UDP packets?

I did not find any app and would like to allow UDP only.

Roman

L4 Transporter

Re: Does "Unknown-udp" app allow any UDP Packets?

The app-id "unknown-udp" can be used to allow/block UDP traffic that did not match any other application signature. That does not mean all UDP traffic.

If you want to allow all UDP traffic, you should create a service object containing the port range 1-65535.

L7 Applicator

Re: Does "Unknown-udp" app allow any UDP Packets?

Hello Roman,

In the case of any UDP-based application traffic, the PAN firewall will allow a few packets in each direction (client-to-server and server-to-client) to identify/match the application signature (App-ID). Ideally, it will be a minimum of 4 packets or 2000 bytes. Until then, the PAN will identify that traffic as "unknown-udp" and allow it through. As soon as the application is identified by the PAN firewall, the appropriate policy/rule will be applied to that traffic.

Reference DOC:

How to Verify the Application Name Change from Unknown-tcp/udp to Actual App-ID


Hope this helps.

Thanks

L7 Applicator

Re: Does "Unknown-udp" app allow any UDP Packets?

Hello Roman,

As torm said, if you want to allow all UDP traffic, you may create a custom service profile and allow all applications in a security rule.

NOTE: UDP is not an application; it's a transport-layer protocol used to carry application traffic.

(Attachments: UDP-service.jpg, UDP-service-policy.jpg)

Hope this helps.

Thanks

L6 Presenter

Re: Does "Unknown-udp" app allow any UDP Packets?

Hi RKRA,

When UDP packets hit the firewall, the firewall allows the initial few UDP packets. After that it may determine the application based on packet content.

Sometimes the firewall is not able to determine the application because the packets don't match an existing decoder.

In such a scenario the firewall identifies the stream as "unknown-udp".

You don't need to allow "unknown-udp" for any UDP traffic.

Regards,

Hardik Shah

L7 Applicator

Re: Does "Unknown-udp" app allow any UDP Packets?

Hello Hardik,

Just FYI: not all applications have a decoder. Hence, I don't think it is necessary to match a decoder to identify an application.

Thanks

L6 Presenter

Re: Does "Unknown-udp" app allow any UDP Packets?

Hi HULK,

By decoder I mean application signature.

Regards,

Hardik Shah

L5 Sessionator

Re: Does "Unknown-udp" app allow any UDP Packets?

Hi Roman,

The answer to your question is yes. If you don't have a policy denying the "unknown-udp" application, the firewall will allow it. In the Monitor tab, you will see the source and destination address and the application as "unknown-udp". It simply means the firewall did not have a signature for the packets it was seeing. You can also deny it by denying "unknown-udp" in the security policy, but that is configurable and based on your requirement. Hope that helps.
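The thread's central point (torm's reply above, and this last one) is that a rule permitting the "unknown-udp" App-ID is not the same as a rule permitting all UDP: once the firewall identifies a session as dns, ntp or sip, it no longer matches "unknown-udp", whereas a rule with application "any" and a UDP 1-65535 service object matches every UDP session regardless of App-ID. The example below is an added illustration, not PAN-OS code and not anything posted in this thread: it models the two rule shapes as plain Python objects and runs constructed traffic-log lines through both, then tallies which destination ports ended up as "unknown-udp", which is what you would look for in the Monitor tab before deciding whether to open UDP wholesale. The CSV column names (src, dst, proto, dport, app, action) are this example's own assumption; real PAN-OS traffic-log exports carry many more columns and different names.

```python
"""Added example: 'allow unknown-udp' versus 'allow any app on UDP 1-65535'.

Not PAN-OS code. The rule model and the log format below are simplified
assumptions made for this illustration only.
"""
import csv
import io
from dataclasses import dataclass

# Constructed sample traffic log (assumed columns; not a real PAN-OS export).
SAMPLE_LOG = """src,dst,proto,dport,app,action
10.0.0.5,8.8.8.8,udp,53,dns,allow
10.0.0.5,192.0.2.10,udp,123,ntp,allow
10.0.0.7,198.51.100.20,udp,5060,sip,allow
10.0.0.9,203.0.113.44,udp,40000,unknown-udp,allow
10.0.0.9,203.0.113.44,udp,40001,unknown-udp,allow
10.0.0.3,203.0.113.9,tcp,8443,unknown-tcp,allow
10.0.0.3,203.0.113.9,tcp,443,ssl,allow
"""


@dataclass(frozen=True)
class Session:
    src: str
    dst: str
    proto: str
    dport: int
    app: str  # the App-ID the firewall finally assigned to the session


@dataclass(frozen=True)
class Rule:
    name: str
    applications: frozenset  # {"any"} or a set of App-ID names
    service_proto: str       # "any", "udp" or "tcp"
    service_ports: range     # destination ports covered by the service object

    def matches(self, s: Session) -> bool:
        """A session matches when both the application and service criteria match."""
        app_ok = "any" in self.applications or s.app in self.applications
        svc_ok = self.service_proto == "any" or (
            s.proto == self.service_proto and s.dport in self.service_ports
        )
        return app_ok and svc_ok


# What the original poster was considering: match only the "unknown-udp" App-ID.
RULE_UNKNOWN_UDP = Rule(
    "allow-unknown-udp", frozenset({"unknown-udp"}), "any", range(0, 65536)
)
# What torm suggested: application any, service object covering UDP 1-65535.
RULE_ALL_UDP = Rule("allow-all-udp", frozenset({"any"}), "udp", range(1, 65536))


def parse_sessions(text: str) -> list:
    """Parse the assumed CSV format into Session objects."""
    rows = csv.DictReader(io.StringIO(text))
    return [
        Session(r["src"], r["dst"], r["proto"].lower(), int(r["dport"]), r["app"])
        for r in rows
    ]


def matched_apps(rule: Rule, sessions) -> dict:
    """Count the sessions a rule would match, keyed by App-ID."""
    counts = {}
    for s in sessions:
        if rule.matches(s):
            counts[s.app] = counts.get(s.app, 0) + 1
    return counts


def unknown_udp_by_dport(sessions) -> dict:
    """Destination ports of sessions that stayed 'unknown-udp' to session end.

    This is the list to review before writing a custom App-ID or a narrow
    service object, rather than allowing all of UDP.
    """
    ports = {}
    for s in sessions:
        if s.app == "unknown-udp":
            ports[s.dport] = ports.get(s.dport, 0) + 1
    return ports


if __name__ == "__main__":
    sessions = parse_sessions(SAMPLE_LOG)
    for rule in (RULE_UNKNOWN_UDP, RULE_ALL_UDP):
        print(rule.name, matched_apps(rule, sessions))
    print("unknown-udp destination ports:", unknown_udp_by_dport(sessions))
```

Running it shows the "allow-unknown-udp" rule matching only the two sessions the firewall never identified, while "allow-all-udp" also matches dns, ntp and sip; the unknown-tcp and ssl sessions match neither rule because their protocol is TCP.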
