Understand App_overrride

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Understand App_overrride

L4 Transporter

Hi,

 

We did a change from another vendor to PA. We realise that backups (vmware) were transferring very slow. So we created a app_override in order to avoid L7 in this VMware traffic. After that the spped for backpus got better.

So i have several qestions:

-Why is this happening? whats wrong L7 inspection does in order to slowness?

-what kind of traffic app_override can improve? 

7 REPLIES 7

L7 Applicator

Hi @BigPalo 

What PAN-OS version do you have installed?

Prior to the app override do you have also secirity profiles configured or only a security policy with app-id? Did you check global counters when the traffic was slow?

9.0.9 version.

 

We have a security rule permitting backups VMWARE ports.

 

The idea is to know whats wrong in order to use app_override.

First I recommend to upgrade to 9.0.13 which is the preferred releasd of PAN-OS 9.0. (PAN-OS 9.0.9 is almost one year old).

 

The issue might be some bug in app-id processing that some buffers are full and because of that packets are dropped which results in poor performance. Something like that you may see when you check the global counters (with proper filters for your backup connection applied). As you no diabled layer 7 processing the buffers aren't used and the performance isn't degraded. Obviously this is only an assumption as I don't know this issue in detail, but again, I recommend to upgrade and check again then if it may be already solved the issue.

What global counter flag should i keep in mind for this?

 

Which one exactly I cannot say right now, but with filtering for severyity drop and/or errors you maybe see values which increase during such a connection and this might be an indicator for a problem like the one I was talking about.

Cyber Elite
Cyber Elite

Hello,

Another thing to remember about app override is that the PAN will not scan the traffic for any malicious payload. So I would say you really need to trust that traffic.

 

Regards,

Yes we know. We just wanted to know what PA produce this slowness,

  • 2591 Views
  • 7 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!