09-07-2013 04:45 AM
Hello everyone;~
I am very curious
refer to bottom image~
Where is the unknown application where?
I guess that PA App-id check application signatures for the first time
and than If PA doesn't know app, PA App-id might move Heuristics engine;
and If PA try what could be checked at the engine;;
Does PA change unknown-tcp or unknow-udp?
I haven't been lookup any document about unknow application flow logic
T-T
09-07-2013 08:08 AM
Pattern-Based Application Identification occurs in the App_ID Engine.
If a matching signature is not found in the Application Database the Application is identified as either unknown-tcp, unknown-udp, or non-syn-tcp.
For applications changing from one to another, Identification is done via protocol decoding in content inspection.
For detailed Packet Flow :ReferPacket Flow in PAN-OS
See Also :Unknown Applications
09-07-2013 05:41 PM
Hello akawimandan~
As I told me,,
For applications changing from one to another, Identification is done via protocol decoding in content inspection.
as far as I know that PA has two engine(App-id, Content)
When Someone connect facebook, Does always PA flow Content Engine,,?
and than also I have another question~
I guess that unknown-tcp, unknown-udp, or non-syn-tcp.
Finally, When PA check Heuristic Engine to know application
eventually PA doesn't find application
Does the traffic return to check [application signatures]?
because, I think so, There are unknown-tcp, unknown-udp, or non-syn-tcp signatures
^_^;;; I don't know exactly App-id Engine
I am also used to red uploaded documents by you
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
