In addition, allow no unknown applications in the data center.
Unknown applications may indicate that an adversary has gained access
to your data center.
Create custom applications for your proprietary internal
applications so that you can identify them with
App-ID and apply security to that traffic.
If you don’t create custom applications for your proprietary applications,
the firewall sees them as unknown-tcp or unknown-udp traffic and treats
them the same way it treats other unknown applications. That is a
problem because you should block unknown applications: they may be an
attacker’s tools. If you allow unknown applications in your data center,
you could be handing over the keys to your asset kingdom to an attacker.
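
One way to find which proprietary services still need a custom application is to triage the flows currently classified as unknown-tcp or unknown-udp. The script below is an added example, not vendor code: the CSV column names, the sample log rows, and the `KNOWN_INTERNAL` inventory are constructed assumptions, not a firewall log schema.

```python
import csv
import io
from collections import Counter

# Constructed sample: simplified CSV export of data center traffic log entries.
# Column names are assumptions for this example, not a vendor log schema.
SAMPLE_LOG = """\
src,dst,dport,proto,app,bytes
10.1.1.20,10.2.0.15,9443,tcp,unknown-tcp,48211
10.1.1.21,10.2.0.15,9443,tcp,unknown-tcp,51077
10.1.1.20,10.2.0.30,443,tcp,ssl,9120
10.1.4.7,10.2.0.44,5514,udp,unknown-udp,300
10.1.9.9,10.2.0.60,4444,tcp,unknown-tcp,1200344
10.1.1.22,10.2.0.15,9443,tcp,unknown-tcp,47002
"""

# Hypothetical inventory of proprietary services, keyed by (dst, dport, proto).
KNOWN_INTERNAL = {
    ("10.2.0.15", 9443, "tcp"): "billing-rpc",
    ("10.2.0.44", 5514, "udp"): "plant-telemetry",
}

UNKNOWN_APPS = {"unknown-tcp", "unknown-udp"}


def triage_unknown(log_text, inventory):
    """Split unknown flows into custom-application candidates and unexplained flows."""
    candidates = Counter()  # proprietary service name -> sessions seen as unknown
    unexplained = {}        # (dst, dport, proto) -> set of source addresses
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["app"] not in UNKNOWN_APPS:
            continue  # already identified by App-ID
        key = (row["dst"], int(row["dport"]), row["proto"])
        if key in inventory:
            candidates[inventory[key]] += 1
        else:
            unexplained.setdefault(key, set()).add(row["src"])
    return dict(candidates), unexplained


if __name__ == "__main__":
    candidates, unexplained = triage_unknown(SAMPLE_LOG, KNOWN_INTERNAL)
    for name, count in sorted(candidates.items()):
        print(f"needs custom application: {name} ({count} sessions seen as unknown)")
    for (dst, dport, proto), srcs in sorted(unexplained.items()):
        print(f"unexplained unknown traffic: {dst}:{dport}/{proto} from {sorted(srcs)}")
```

Services in the first group are the ones to define as custom applications so that a rule blocking unknown-tcp and unknown-udp does not also block them; anything in the second group has no owner in the inventory and should be investigated.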