When you setup a rule in Application Override for a pre-defined application, the firewall has been configured to not do any application identification, but it will continue to do content threat inspection. Special Note about Content and Threat inspectionĪpplication Override to a custom application will force the firewall to bypass Content and Threat inspection for the traffic that is matching the override rule. The exception to this is when you override to a pre-defined application that supports threat inspection. Security Policy that allows the newly created Custom Application through the firewall.Custom Application to be used in the Application Override policy (recommended).To configure an Application Override, go to Policies > Application Override in the WebGUI. If you, for example, have a custom application that uses TCP Port 23, but traffic passing through the firewall is identified as temenos-T24, and the misidentification causes confusion about the traffic, then an Application Override can be implemented to correctly identify the traffic. Let's look at a typical scenario where you might use an Application Override policy. In such cases, we recommended creating an application override to allow easier identification and reporting, and to prevent confusion. For these applications, we may not have signatures to properly identify the expected behavior and identify the traffic with a known application. In some cases, customers build their own custom applications to address specific needs unique to the company. You might ask why we'd ever need to override the normal application identification process. Please note that this is different from a traditional "Custom Application" as a Custom Application normally uses a signature and any traffic passing through the firewall would be identified as such, and not need an Application Override. As soon as the Application Override policy takes effect, all further App-ID inspection of the traffic is stopped and the session is identified with the custom application. Application Override is where the Palo Alto Networks firewall is configured to override the normal Application Identification (App-ID) of specific traffic passing through the firewall.
0 Comments
Leave a Reply. |