How does it identify unknown application where about flow logic?

Reply
L3 Networker

How does it identify unknown application where about flow logic?

Hello everyone;~

I am very curious

refer to bottom image~

Where is the unknown application where?

I guess that PA App-id check application signatures for the first time

and than If PA doesn't know app, PA App-id might move Heuristics engine;

and If PA try what could be checked at the engine;;

Does PA change unknown-tcp or unknow-udp?

I haven't been lookup any document about unknow application flow logic

T-T

이미지 1.png

L5 Sessionator

Pattern-Based Application Identification occurs in the App_ID Engine.

If a matching signature is not found in the Application Database the Application is identified as either unknown-tcp, unknown-udp, or non-syn-tcp.

For applications changing from one to another, Identification is done via protocol decoding in content inspection.

For detailed Packet Flow :ReferPacket Flow in PAN-OS

See Also :Unknown Applications

L3 Networker

Hello akawimandan~

As I told me,,

For applications changing from one to another, Identification is done via protocol decoding in content inspection.

as far as I know that PA has two engine(App-id, Content)

When Someone connect facebook, Does always PA flow Content Engine,,?

and than also I have another question~

I guess that  unknown-tcp, unknown-udp, or non-syn-tcp.

Finally, When PA check Heuristic Engine to know application

eventually PA doesn't find application

Does the traffic return to check [application signatures]?

because, I think so, There are unknown-tcp, unknown-udp, or non-syn-tcp signatures

^_^;;; I don't know exactly App-id Engine

I am also used to red uploaded documents by you

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!