After enabling decryption recently we started to have a few issues with applications being identified incorrectly.
A few common examples of this are sap, http-video and http-audio
These end up being blocked with "application default" for the service, this appears to be because in some instances sites use https anyway and once these apps are decrypted they show as going over port 443 rather than 80 which makes sense but is contrary to the app-id signatures default ports.
I know we can create rules for applications like this to allow them specifically but this is starting to become very time consuming to create a rule for every application that has this issue.
Is there a way to allow this traffic while still inspecting it with some sort of override? it feels a little like there should be a http-video (Decrypted) or https-video application.
I think it would be great to be able to create an application signature that overrides default settings, this would allow you to pick pre existing application signature and override the default ports for example. We can then add this overriden application to a pre-existing rule.
Is there another work around for this I have missed?