Persistent issue with APP-ID Reliability

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Persistent issue with APP-ID Reliability

L2 Linker

Hello all. I have had an issue with PANOS since 7.0 (Currently I am on 9.0.2-h2) where the application id feature is not reliable in security rules. I can add a rule and for example lets say I allow ssl to 10.1.1.1 from 10.2.1.1 no user restrictions and just add the ssl application and commit. Then I try to access https on 10.1.1.1 from 10.2.1.1 and the traffic will be allowed. Then an hour later I try again and this time it will drop. When I go into monitor. Below is legitimate traffic being dropped because the application is "not-applicable"

 

In order to resolve this what I have to do is clone the rule and place it below or above and remove the applications and set it to any then set service to select and choose 443. I have so many redundant rules because of this and I am sick of doing it. Does anyone else have this problem or is it just me? drops.png

2 REPLIES 2

Community Team Member

Hi @scottoliver ,

 

Do you get any more information in the log details ?

 

Not-applicable usually means that the Palo Alto device has received data that will be discarded because the port or service that the traffic is coming in on is not allowed, or there is no rule or policy allowing that port or service:

 

Not-applicable in Traffic Logs 

 

Cheers !

-Kiwi.

 
LIVEcommunity team member, CISSP
Cheers,
Kiwi
Please help out other users and “Accept as Solution” if a post helps solve your problem !

Read more about how and why to accept solutions.

Still no resolution on this I have opened ticket but no fixes yet

  • 2485 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!