07-27-2020 12:02 PM
Hi All ,
I am having policy having application group and set services as application default .
Sometime policy is working fine but sometime its dropping packet and in logs showing application unknown UDP.
Could you please suggest any troubleshooting steps here ? I did packet capture but not seeing any this specific which can indicate any issue on firewall end .
Thanks
07-27-2020 01:47 PM
What type of traffic are you actually seeing this on? It wouldn't be uncommon to see something developed internally have an unknown-tcp/udp determination, but if it's traversing the untrust/internet interface that's different.
In any case, it usually means that the firewall either didn't pass enough traffic to identify the app-id, or an app-id simply doesn't exist for the traffic.
07-27-2020 01:58 PM
@BPry ,
It's syslog traffic . Moreover for same set of source and destination IP , its working fine , properly identifying the APP-id.
I am using default syslog app-id .
07-28-2020 09:12 AM
Interesting. I've never actually had the firewall fail to identify syslog traffic across the default 514 port, but I have if I customize the port without creating a custom application or doing an application-override see it come across as unknown-udp.
Personally, I would take a packet capture of the traffic when it comes across as unknown-udp and see if you can notice any sort of difference with the traffic. If you aren't seeing anything I would try to capture the traffic and open up a TAC case for review.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
