I’m looking to create a custom AppID for our Softphones by PureCloud. In short, we are attempting to block the chat feature within the application. The application is web-browser based and encrypted, so we set up decryption for the traffic in the hopes we could enforce security policies on the decrypted traffic. The decryption is working fine and I’ve been able to get some basic AppIDs created to recognize the traffic based on the FQDN.

My goal is to create a custom AppID that goes deeper into the packet and matches on a pattern. So far, I’ve been unsuccessful. I’ve validated the parent app is “websocket” but have not been able to hit on a pattern match. I believe the issue I’m having is with the Context choice.

I opened a PAN support case and worked with a tech who was helpful but limited in the support he could provide (best effort only). I’ve searched through the Live Community Discussions related to AppIDs and didn’t hit on anything helpful so far. I’ve read pretty much anything and everything I could find online and in PAN’s knowledge base articles but have not found a solution.

I set up a decryption mirror port and captured some PureCloud traffic. I can provide a packet capture of the decrypted traffic for a short chat conversation. I was hoping someone could help me figure out the right Context to match patterns against or an alternative approach. Any help you could extend to me would be greatly appreciated.

I found both of these resources very helpful. I list them for others who might benefit from them.

Video - How To Configure A Custom App-Id
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClmGCAS

PDF - Creating Custom Application And Threat Signatures
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClOFCA0

Regards,
Rob
Sounds basic, but cloning is by far one of my favorite features. Prior to pulling all of our firewalls into Panorama, it was limited to similar rules to get started, but once we were under the Panorama umbrella, wow! How cool it was to define a block of rules then clone them across multiple firewalls. A few rule name clean-ups and zone changes and you're all set.

My next favorite feature is the ability to use the PAN Configurator. Again, with the help of Panorama, it's been amazing to be able to update a rule set across multiple firewalls with a few one-liners on the PAN Configurator command prompt. Even grabbing a rule set across all my firewalls at once to view in an easy-to-read spreadsheet is huge.