08-01-2016 01:56 PM
The following custom application can be created on the Palo Alto Firewall to identify Pokemon-go traffic
<application version="7.1.0">
<entry name="pokemon-go">
<default>
<port>
<member>tcp/443</member>
</port>
</default>
<signature>
<entry name="pokemon-go-sig">
<and-condition>
<entry name="And Condition 1">
<or-condition>
<entry name="Or Condition 1">
<operator>
<pattern-match>
<pattern>pgorelease\.nianticlabs\.com</pattern>
<context>ssl-req-client-hello</context>
</pattern-match>
</operator>
</entry>
</or-condition>
</entry>
</and-condition>
<scope>session</scope>
<order-free>no</order-free>
</entry>
</signature>
<subcategory>gaming</subcategory>
<category>media</category>
<technology>client-server</technology>
<description>Custom Pokemon App</description>
<risk>1</risk>
<consume-big-bandwidth>yes</consume-big-bandwidth>
<used-by-malware>no</used-by-malware>
<prone-to-misuse>no</prone-to-misuse>
<parent-app>ssl</parent-app>
</entry>
</application>The custom application can then be applied in a security policy to either deny the app or to gain visibility into the usage of the app.
