02-20-2020 07:38 AM
Hi peeps,
I have created a custom application for a particular TCP port and added that application to my security policy, but the traffic hits the deny policy. It works only when I do App override, but it is not recommended to do app override. Is there any way to achieve it without App-Override, or is it mandatory to create an App-Override for custom applications?
Also, please share any KB articles that have info related to my query.
02-20-2020 09:59 AM
Hello,
Could be something wrong with the regex? I honestly don't use any custom apps or app overrides because they are more hassle for me anyway. However, here are a few articles that I'm sure you've already gone over that may help?
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClRoCAK
Regards,
02-21-2020 12:41 AM
I had a similar issue where I have a main rule to allow Facetime, iTunes etc. For some reason, even though I had stun added to the same security rule, it was getting denied by the default rule. So what I did was create another security rule on top and add the stun app separately, which fixed the issue. Maybe you can try this.
02-21-2020 01:45 PM
I would look at the information that @OtakarKlier linked to, but the most important thing is just to identify that your signature/s are properly being matched to the traffic.
If you haven't configured any signatures on your custom application, you'll need to utilize application override to actually get things to map correctly. Without a signature assigned to the custom application there isn't anything to tell the firewall that the traffic is supposed to match this application.
02-27-2020 11:17 PM
Yeah, exactly. I do agree with that. There is no other option or workaround; that is how the packets get processed in the firewall during the App inspection. Either we have to map the signature to the custom App or we can do App override.