Application Override Policy (PAN-OS & Panorama)

Stateful layer 4 inspection for SIP-ALG and SMB traffic that overrides application-based policy.
Palo Alto Networks determines what an application is irrespective of port, protocol, encryption (SSH or SSL), or any other evasive tactic used by the application. Configure your own Application Override Policy to change how traffic gets classified to support internal or proprietary applications.
To change how your configuration classifies network traffic into applications, you can specify application override policies. For example, if you want to control one of your custom applications, an application override policy can be used to identify traffic for that application according to zone, source and destination address, port, and protocol. If you have network applications that are classified as “unknown,” you can create new application definitions for them.
Review your existing policy rulebase. If you have any Application Override rules for traffic other than SMB or SIP, convert the rule to an App-ID based rule so that you can decrypt and inspect the traffic at layer 7 and prevent threats.
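One way to run the rulebase review described above, as an added example that is not from the original page or from Palo Alto Networks: it reads an exported configuration and lists Application Override rules whose ports fall outside SMB and SIP. The XML layout, the rule and application names, and the SMB/SIP port allowlist are assumptions, and the sample configuration is constructed.

```python
import xml.etree.ElementTree as ET

# Assumption: ports treated as SMB or SIP (SMB 445/tcp, NetBIOS session 139/tcp,
# SIP 5060 tcp/udp, SIP over TLS 5061/tcp). Adjust to your environment.
ALLOWED = {("tcp", 139), ("tcp", 445), ("tcp", 5060), ("udp", 5060), ("tcp", 5061)}

# Constructed sample, shaped like the application-override rulebase of an
# exported configuration (layout assumed; rule and application names invented).
SAMPLE_CONFIG = """
<config><devices><entry name="localhost.localdomain"><vsys><entry name="vsys1">
<rulebase><application-override><rules>
  <entry name="smb-fileservers">
    <protocol>tcp</protocol><port>445</port><application>custom-smb</application>
  </entry>
  <entry name="legacy-erp">
    <protocol>tcp</protocol><port>8000-8002,9443</port><application>custom-erp</application>
  </entry>
  <entry name="voip-and-more">
    <protocol>udp</protocol><port>5060,5062</port><application>custom-sip</application>
  </entry>
</rules></application-override></rulebase>
</entry></vsys></entry></devices></config>
"""

def expand_ports(spec):
    """Expand a port field such as '445', '80,443' or '8000-8002' into a set of ints."""
    ports = set()
    for part in filter(None, (p.strip() for p in spec.split(","))):
        lo, _, hi = part.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def audit_overrides(config_xml):
    """Return (rule, application, protocol, ports outside the allowlist) per finding."""
    findings = []
    root = ET.fromstring(config_xml)
    for rule in root.iterfind(".//application-override/rules/entry"):
        proto = (rule.findtext("protocol") or "").strip().lower()
        ports = expand_ports(rule.findtext("port") or "")
        extra = sorted(p for p in ports if (proto, p) not in ALLOWED)
        if extra or not ports:  # a rule with no port field is flagged for manual review
            findings.append((rule.get("name"), rule.findtext("application"), proto, extra))
    return findings

if __name__ == "__main__":
    for name, app, proto, extra in audit_overrides(SAMPLE_CONFIG):
        print(f"{name}: overrides to {app} on {proto} ports {extra}; convert to an App-ID based rule")
```

A rule that mixes an SMB or SIP port with other ports is still reported, with only the ports outside the allowlist listed.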
To create an application override:
  1. Go to Objects > Applications > Add and create a custom application. This is the application that you want traffic to match instead of the App-ID your configuration uses.
  2. Go to Policies > Application Override and create your application override security rule.
    This rule specifies when Prisma Access should invoke the custom application.
    Consider that when you create an application override security rule, you’re limiting Prisma Access App-ID from classifying traffic and performing threat inspection based on that application identification.
    To support internal proprietary applications, it’s worth thinking about creating a custom application (instead of an application override rule) that includes the application signature so that Prisma Access performs layer 7 inspection and scans the application traffic for threats.