I created a custom app for ldaps tcp/636 based on a signature (ssl-rsp-certificate) which contains text from the certificate. This caused https - tcp/443 (ssl based) traffic to match this new custom app.

After some investigation I realised that the https context ssl-req-client-hello contains http/version (i.e. http/1.1), and I wanted to filter this out in my custom app so that it would not match https any more. Unfortunately I ran into a limitation where I am not able to Negate my pattern-match. Something that is possible in a Custom vulnerability is not possible in a Custom App, unfortunately and sadly.

The proposal to specify port 636 under Advanced/Defaults is not a solution. Reason: a custom application signature behaves in a similar way to a pre-defined one. App-ID does not work merely on default port information but also on other conditions. For example, if you have a web application running on a custom port, it will be identified as web-browsing as soon as it matches the web-browsing signatures.
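The check the post wanted to negate, written out as an added example (not part of the original post and not how the firewall's signature engine works): it assumes the http/1.1 string seen in ssl-req-client-hello is the ALPN extension of the TLS ClientHello. The function names and the sample ClientHello are constructed for illustration.

```python
import struct

ALPN_EXT = 16  # extension type of application_layer_protocol_negotiation (RFC 7301)

def build_client_hello(alpn=()):
    """Build a minimal, constructed TLS ClientHello record (sample input only)."""
    exts = b""
    if alpn:
        names = b"".join(bytes([len(p)]) + p for p in alpn)
        body = struct.pack("!H", len(names)) + names
        exts += struct.pack("!HH", ALPN_EXT, len(body)) + body
    hello = (b"\x03\x03" + bytes(32)           # client_version, random
             + b"\x00"                          # empty session_id
             + b"\x00\x02\xc0\x2f"              # one cipher suite
             + b"\x01\x00"                      # null compression only
             + struct.pack("!H", len(exts)) + exts)
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

def alpn_protocols(record):
    """Return the ALPN names offered in a ClientHello record, or [] if none."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        return []                               # not a handshake/ClientHello
    pos = 9 + 2 + 32                            # skip headers, version, random
    try:
        pos += 1 + record[pos]                                  # session_id
        pos += 2 + struct.unpack_from("!H", record, pos)[0]     # cipher_suites
        pos += 1 + record[pos]                                  # compression
        end = pos + 2 + struct.unpack_from("!H", record, pos)[0]
        pos += 2
        while pos + 4 <= min(end, len(record)):
            etype, elen = struct.unpack_from("!HH", record, pos)
            pos += 4
            if etype == ALPN_EXT:
                data, out, i = record[pos + 2:pos + elen], [], 0
                while i < len(data):            # entries: 1-byte length + name
                    out.append(data[i + 1:i + 1 + data[i]].decode("ascii", "replace"))
                    i += 1 + data[i]
                return out
            pos += elen
    except (IndexError, struct.error):          # truncated or malformed hello
        pass
    return []

def looks_like_https(record):
    """The condition the post wanted to negate: an http/* name in the ClientHello."""
    return any(p.startswith("http/") for p in alpn_protocols(record))
```

A client that offers only `h2` carries no `http/` string in its ClientHello, so this condition alone would not exclude all HTTPS traffic.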