URGENT: Custom Application issue.

L3 Networker

Hi peeps,

I have created a custom application for a particular TCP port and added that application to my security policy, but the traffic hits the deny policy. It works only when I do an App Override, but doing an App Override is not recommended. Is there any way to achieve this without App-Override, or is it mandatory to create an App-Override for custom applications?

Also, please share the KB articles if they have any info related to my query.

Thanks & Regards,
Sahithyan S

Accepted Solutions
Cyber Elite

@sahithyan.subbu,

I would look at the information that @OtakarKlier linked to, but the most important thing is just to identify that your signature/s are properly being matched to the traffic.

If you haven't configured any signatures on your custom application, you'll need to utilize application override to actually get things to map correctly. Without a signature assigned to the custom application there isn't anything to tell the firewall that the traffic is supposed to match this application. 

All Replies
Cyber Elite

Hello,

Could be something wrong with the regex? I honestly don't use any custom apps or app overrides because they are more hassle for me anyway. However, here are a few articles that I'm sure you've already gone over that may help?

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClRoCAK

https://docs.paloaltonetworks.com/pan-os/u-v/custom-app-id-and-threat-signatures/custom-application-...

Regards,

L2 Linker

I had a similar issue where I have a main rule to allow FaceTime, iTunes etc. For some reason, even though I had stun added to the same security rule, it was getting denied by the default rule. So what I did was create another security rule on top and add the stun app separately, which fixed the issue. Maybe you can try this.

L3 Networker

@BPry

Yeah, exactly. I do agree with that. There is no other option or way to work around it; that is how the packets get processed in the firewall during the App inspection. Either we have to map the signature to the custom App or we can do App override.

Thanks & Regards,
Sahithyan S