I have a question regarding the "AppID override" ,
In this article "https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClVLCA0" we can read the following:
" Special Note about Content and Threat inspection Application Override to a custom application will force the firewall to bypass Content and Threat inspection for the traffic that is matching the override rule. The exception to this is when you override to a pre-defined application that supports threat inspection. "
However, in the PaloAlto Packet Flow Sequence (available : http://live.paloaltonetworks.com//t5/image/serverpage/image-id/12862i950F549C7D4E6309) we can see this :
When the application override policy is matched the only step skiped is [Pattern-based application identification]. The "Content Inspection (SP3/CTD)" is allways performed, regardless of the application override. So the Content profiles seem to be applyed.
So my question is the following: is something missing from the diagram or am I wrongly reading the graph ?
Many thanks, Karim BENYELLOUL
... View more