05-22-2017 10:52 AM
Not sure if I am on the same page, but PanOS already recognizes the application; you just need to configure class and policies. Check this link out, it may clear up some questions.
05-22-2017 12:15 PM - edited 05-22-2017 12:45 PM
I think what @simsim is looking for is PBR...Policy Based Routing. (Not to be confused with the beer...I guess Palo calls it Policy Based Forwarding...Under the Policies tab)
NBAR is Cisco's term under SDN WAN...Network Based Application Routing.
05-22-2017 12:32 PM
Hi,
Sorry for the confusion.
I am talking about "Network-Based Application Recognition"-cisco
Thanks
05-22-2017 12:51 PM
@simsim My company is looking into NBAR and which vendor is the best fit for our needs.
Cisco with DMVPN / SDN WAN / iWAN...Name the most current "jazzed" up acronym and if we can get a similar functionality out of Palo.
For us Palo seems easier to use in general, but depending upon what you're looking to do Palo might not be able to do "all" that Cisco offers under SD WAN. SDN WAN, which leverages NBAR, is really all about application performance (QoS / Latency).
I haven't really seen how Palo can do that...But from a raw function of NBAR...To me it seems Palo "should" easily be able to do that since at its core the Palo firewall is an application based firewall.
If you go to the policy based forwarding areas in the policies tab you can see you can tell Palo to send a specific application down any interface / sub-interface that's configured on the appliance.
05-22-2017 12:54 PM
I might be able to tell you how NBAR works in an 850 in the next 4 months...More to come
02-03-2018 05:44 PM
@Brandon_Wertz - how was your experience with Palo's flavor of NBAR?
I happened on this thread while looking for NBAR Netflow information.
02-19-2018 07:11 AM
Sorry @BBoatright, my activities got redirected a few months after I posted that.
We ended up not getting 850s, but 5220s. My plan is to use my 5060s which were replaced by the 5220s.
So in the next 2 or 3 months I should have my 5060s redeployed and doing what I planned on them doing. Though, I am a bit concerned because when you look at the Policy based forwarding area you can't specify things like "Facebook" or "Office-365." Palo pushes customers to use EDLs via something like MineMeld to use IP based objects in PBF rules.
So I'm not really certain Palo will be able to do NBAR-esque features, which seems rather odd for an "application based" firewall.
Instead I'm likely going to use generic type routing to send a large base of traffic out specific interfaces.