Stateful layer 4 inspection for SIP-ALG and SMB traffic that overrides
application-based policy.
Palo Alto Networks determines what an application is irrespective of port, protocol,
encryption, (SSH or SSL) or any other evasive tactic used by the application.
Configure your won Application Override Policy to chance how traffic get classified
to support internal or proprietary application.
To change how your configuration classifies network traffic into applications, you
can specify application override policies. For example, if you want to control one
of your custom applications, an application override policy can be used to identify
traffic for that application according to zone, source and destination address, and
protocol. If you have network applications that are classified as “unknown,” you can
create new application definitions for them
Review your existing policy rulebase. If you have any Application Override rules for
traffic other than SMB or SIP, convert the rule to an App-ID based rule so that you
can decrypt and inspect the traffic at layer 7 and prevent threats.
To create an application override: