How to find out the right app-id

L1 Bithead

Hi all,

 

I started studying the PA firewall recently and am struggling with finding out the App-ID for some traffic. I can easily find out the services (or ports for Cisco ASA) and create the rules based on services/ports, but by doing this we will lose the visibility of applications, which is the reason we use PA in the first place.

So, using App-ID as much as possible rather than service/port will be very important. OK, my question is, how can I find out the App-ID that I should use? As a network engineer, it's very challenging for me to get familiar with all the applications.

Can anyone give me some advice? Thanks a lot.

 

Patrick

Accepted Solutions

L7 Applicator

Probably the easiest way to leverage App-ID while not knowing every single app is to use the Objects > Application Filters area to create collections of apps that you want to use. You can set up your policies to use those instead of individual apps, and still leverage the app-id database.

 

You can create a pretty complex set of app filters this way, so it can be as specific or generic as you want.

 

Beyond that, you can use port-based rules initially, and then over time you'll be able to see the apps used in your traffic logs. Then you can start creating app-based policies above the port-based policies, eventually phasing out the port-based ones as your app-based rules become more robust.

 

-Greg
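
The log-driven migration described in the answer above, as an added example (not part of the original thread and not Palo Alto Networks code): it tallies, per port-based rule, which applications the traffic log recorded, so you can see what an app-based rule placed above it would need to allow. The CSV column names, rule names and sample rows are constructed assumptions; setting aside unidentified sessions for review is this example's choice.

```python
import csv
import io
from collections import Counter, defaultdict

# Constructed sample of an exported traffic log. The column names are
# assumptions; rename them to match the headers in your own export.
SAMPLE_CSV = """Rule,Application,Destination Port,Bytes
allow-tcp-443,ssl,443,48211
allow-tcp-443,web-browsing,443,1200
allow-tcp-443,ssl,443,90345
allow-tcp-443,incomplete,443,120
allow-tcp-3389,ms-rdp,3389,771203
allow-tcp-3389,unknown-tcp,3389,5120
allow-udp-53,dns,53,310
allow-udp-53,dns,53,295
"""

# Log values that mean App-ID did not identify the session. They are set
# aside for review instead of being proposed for an app-based rule.
UNIDENTIFIED = {"incomplete", "insufficient-data", "not-applicable",
                "unknown-tcp", "unknown-udp"}


def summarize(log_file, min_sessions=1):
    """Return {rule: {"apps": [(app, sessions, bytes)], "review": [...]}}."""
    sessions = defaultdict(Counter)
    volume = defaultdict(Counter)
    for row in csv.DictReader(log_file):
        rule, app = row["Rule"].strip(), row["Application"].strip().lower()
        sessions[rule][app] += 1
        volume[rule][app] += int(row["Bytes"] or 0)
    report = {}
    for rule, counts in sessions.items():
        entry = {"apps": [], "review": []}
        for app, n in counts.most_common():
            if app in UNIDENTIFIED:
                entry["review"].append((app, n, volume[rule][app]))
            elif n >= min_sessions:
                entry["apps"].append((app, n, volume[rule][app]))
        report[rule] = entry
    return report


if __name__ == "__main__":
    for rule, entry in summarize(io.StringIO(SAMPLE_CSV)).items():
        apps = ", ".join(f"{a} ({n} sessions)" for a, n, _ in entry["apps"])
        print(f"{rule}: candidate apps -> {apps or 'none yet'}")
        for app, n, size in entry["review"]:
            print(f"  review: {n} '{app}' session(s), {size} bytes")
```

Raising `min_sessions` filters out one-off applications so that only recurring traffic is proposed for the new rule.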

Hi Greg,

 

Yes, you are right, the logs are telling me the App-ID, even though I haven't configured it. Thank you very much!

Cheers,
