using rules on application base and cpu overhead?

Reply
Highlighted
Cyber Elite

using rules on application base and cpu overhead?

If I use application in the rule instead of port will that increase any cpu load on PA

MP

Accepted Solutions
Highlighted
L1 Bithead

Re: using rules on application base and cpu overhead?

i have not notice a performance hit on the CPU when using app-id.  the only hit I've notice is when i enabled decryption and/or inbound inspection 

 

hope this helps

View solution in original post

Highlighted
Cyber Elite

Re: using rules on application base and cpu overhead?

@MP18,

Unless you are using application-override policies for all of your traffic, which you absolutely should not be, the firewall goes through the same process for identifying the traffic regardless of the security policy. Even when you allow application 'any' on tcp/8443 for example, the firewall itself still identifies the application and does the same process it would if you had identified application ssl on tcp/8443 or otherwise made a custom application signature for the traffic in question.

The only way you would see a performance increase would be if you stop layer-7 processing through something like an application-override security policy. This would be ill-advised and honestly wouldn't provide any major performance increases outside of a few outlier applications. 

View solution in original post


All Replies
Highlighted
L1 Bithead

Re: using rules on application base and cpu overhead?

i have not notice a performance hit on the CPU when using app-id.  the only hit I've notice is when i enabled decryption and/or inbound inspection 

 

hope this helps

View solution in original post

Highlighted
Cyber Elite

Re: using rules on application base and cpu overhead?

Hello,

I also try to use application rather than specific port to get layer 7 insepction. havent noticed much if any, but then I never really did a comparison. I try to make my policies as specific as possible so I use applicaitons in 99% of my policies.

 

Regards,

Highlighted
Cyber Elite

Re: using rules on application base and cpu overhead?

@MP18,

Unless you are using application-override policies for all of your traffic, which you absolutely should not be, the firewall goes through the same process for identifying the traffic regardless of the security policy. Even when you allow application 'any' on tcp/8443 for example, the firewall itself still identifies the application and does the same process it would if you had identified application ssl on tcp/8443 or otherwise made a custom application signature for the traffic in question.

The only way you would see a performance increase would be if you stop layer-7 processing through something like an application-override security policy. This would be ill-advised and honestly wouldn't provide any major performance increases outside of a few outlier applications. 

View solution in original post

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!