Hi @illuzian@ After you create the custom app, and the application override policy, you can create a security policy. In the security policy, you will specify the custom application you just created, but you will not apply any security profile. This will avoid the application from being scanned by the IPS engine. Remeber that you can be selective, and apply other profiles if you need too. Since it is an internal application, and you seem to trust it, if performance is an issue, I would create this security policy with the DSRI feature in disabled state. A session on the firewall comprises two flows, client to server and server to client. The DSRI feature on the Palo Alto Networks firewall can be enabled to skip the inspection of the Server to Client flow. https://live.paloaltonetworks.com/t5/Featured-Articles/DotW-Using-DSRI-with-the-Palo-Alto-Networks-firewall/ta-p/70666 I hope this helps.
... View more