URGENT: Custom Application issue.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

URGENT: Custom Application issue.

L3 Networker

Hi peeps,

 

I have created a custom application for a particular TCP port and added that particular application in to my security policy, but traffic gets hit to deny policy. It works only when i do App override but it is not recommended to do app override. Is there any way to achieve it without App-Override or its mandatory to create a App-Override for custom applications. ? 

 

Also Please Share me the KB articles if it got any info's related to my query.

 

Thanks & Regards,
Sahithyan S
1 accepted solution

Accepted Solutions

Cyber Elite
Cyber Elite

@sahithyan.subbu,

I would look at the information that @OtakarKlier linked too, but the most important thing is just to identify that your signature/s are properly being matched to the traffic.

If you haven't configured any signatures on your custom application, you'll need to utilize application override to actually get things to map correctly. Without a signature assigned to the custom application there isn't anything to tell the firewall that the traffic is supposed to match this application. 

View solution in original post

4 REPLIES 4

Cyber Elite
Cyber Elite

Hello,

Could be something wrong with the regex? I honestly dont use any custom apps or app overrides because they are more hassle for me anyway.However here are a few articles that I'm sure you've already gone over that may help?

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClRoCAK

https://docs.paloaltonetworks.com/pan-os/u-v/custom-app-id-and-threat-signatures/custom-application-...

 

Regards,

I had a similar issue where I have a main rule to allow Facetime, itunes etc. For some reason even I had stun added to the same security rule, it was getting denied by the default rule. So what I did was created a another security rule on top and added the stun app seperately which fixed the issue.May be you can try this. 

Cyber Elite
Cyber Elite

@sahithyan.subbu,

I would look at the information that @OtakarKlier linked too, but the most important thing is just to identify that your signature/s are properly being matched to the traffic.

If you haven't configured any signatures on your custom application, you'll need to utilize application override to actually get things to map correctly. Without a signature assigned to the custom application there isn't anything to tell the firewall that the traffic is supposed to match this application. 

@BPry 

 

Yeah, exactly. i do agree that. There is no other option or a way to workaround, that is how the packets get processed in Firewall during the APP inspection. Either we have to map the signature to the custom App or we can do App override.

 

 

Thanks & Regards,
Sahithyan S
  • 1 accepted solution
  • 5298 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!