03-08-2019 08:56 AM
If I use application in the rule instead of port will that increase any cpu load on PA
03-08-2019 09:51 AM
i have not notice a performance hit on the CPU when using app-id. the only hit I've notice is when i enabled decryption and/or inbound inspection
hope this helps
03-09-2019 08:28 PM
Unless you are using application-override policies for all of your traffic, which you absolutely should not be, the firewall goes through the same process for identifying the traffic regardless of the security policy. Even when you allow application 'any' on tcp/8443 for example, the firewall itself still identifies the application and does the same process it would if you had identified application ssl on tcp/8443 or otherwise made a custom application signature for the traffic in question.
The only way you would see a performance increase would be if you stop layer-7 processing through something like an application-override security policy. This would be ill-advised and honestly wouldn't provide any major performance increases outside of a few outlier applications.
03-08-2019 09:51 AM
i have not notice a performance hit on the CPU when using app-id. the only hit I've notice is when i enabled decryption and/or inbound inspection
hope this helps
03-08-2019 11:01 AM
Hello,
I also try to use application rather than specific port to get layer 7 insepction. havent noticed much if any, but then I never really did a comparison. I try to make my policies as specific as possible so I use applicaitons in 99% of my policies.
Regards,
03-09-2019 08:28 PM
Unless you are using application-override policies for all of your traffic, which you absolutely should not be, the firewall goes through the same process for identifying the traffic regardless of the security policy. Even when you allow application 'any' on tcp/8443 for example, the firewall itself still identifies the application and does the same process it would if you had identified application ssl on tcp/8443 or otherwise made a custom application signature for the traffic in question.
The only way you would see a performance increase would be if you stop layer-7 processing through something like an application-override security policy. This would be ill-advised and honestly wouldn't provide any major performance increases outside of a few outlier applications.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
