using rules on application base and cpu overhead?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

using rules on application base and cpu overhead?

Cyber Elite
Cyber Elite

If I use application in the rule instead of port will that increase any cpu load on PA

MP

Help the community: Like helpful comments and mark solutions.
2 accepted solutions

Accepted Solutions

L1 Bithead

i have not notice a performance hit on the CPU when using app-id.  the only hit I've notice is when i enabled decryption and/or inbound inspection 

 

hope this helps

View solution in original post

Cyber Elite
Cyber Elite

@MP18,

Unless you are using application-override policies for all of your traffic, which you absolutely should not be, the firewall goes through the same process for identifying the traffic regardless of the security policy. Even when you allow application 'any' on tcp/8443 for example, the firewall itself still identifies the application and does the same process it would if you had identified application ssl on tcp/8443 or otherwise made a custom application signature for the traffic in question.

The only way you would see a performance increase would be if you stop layer-7 processing through something like an application-override security policy. This would be ill-advised and honestly wouldn't provide any major performance increases outside of a few outlier applications. 

View solution in original post

3 REPLIES 3

L1 Bithead

i have not notice a performance hit on the CPU when using app-id.  the only hit I've notice is when i enabled decryption and/or inbound inspection 

 

hope this helps

Cyber Elite
Cyber Elite

Hello,

I also try to use application rather than specific port to get layer 7 insepction. havent noticed much if any, but then I never really did a comparison. I try to make my policies as specific as possible so I use applicaitons in 99% of my policies.

 

Regards,

Cyber Elite
Cyber Elite

@MP18,

Unless you are using application-override policies for all of your traffic, which you absolutely should not be, the firewall goes through the same process for identifying the traffic regardless of the security policy. Even when you allow application 'any' on tcp/8443 for example, the firewall itself still identifies the application and does the same process it would if you had identified application ssl on tcp/8443 or otherwise made a custom application signature for the traffic in question.

The only way you would see a performance increase would be if you stop layer-7 processing through something like an application-override security policy. This would be ill-advised and honestly wouldn't provide any major performance increases outside of a few outlier applications. 

  • 2 accepted solutions
  • 3980 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!