To keep the security policy list clean, it would be great if I could create a custom application and just change/add my own default ports. This way I can just re-use the application anywhere, inside of perhaps one security policy with all applications for the zone. I want full analysis of the packet, so application-override isn't appealing.

Once you start adding services, you either have to have an additional policy just for your app/custom service ports, or have to research all application-default ports for all applications you add to the policy, which is tedious and less secure. Even with service groups, the complication creeps up with duplication of the policy to other areas.

I haven't done a deep dive on this since PAN-OS 7.x, but still in 9.1, I can create an application and leave the custom signature blank without an error, but my new custom application still doesn't get any hits. Let's just say I want to use web-browsing with ports 8070, 8080 and 8090 for any similar web server throughout my enterprise. Is it possible to create a custom application for this, or any application? If not, I wish they would add that feature. Seems so logical and clean.