Manage: Application Override

Learn to manage application override policy rules.
Where Can I Use This?
  • Prisma Access (Managed by Strata Cloud Manager)
What Do I Need?
  • Prisma Access license
Create an application override policy to designate applications to be processed using fast-path Layer 4 inspection instead of App-ID Layer 7 inspection. This forces the security enforcement node to handle the session as a regular stateful inspection, which saves application processing time. You can create an application override policy rule when you do not want traffic inspection for custom applications between known IP addresses. For example, if you have a custom application on a non-standard port, you know that the users accessing the application are sanctioned, and both the users and the application are in the Trust zone, you can override the application inspection requirements for the trusted users accessing the custom application.
To change how Prisma Access classifies applications, go to Manage > Configuration > NGFW and Prisma Access > Network Policies > Application Override, then create your application override policy rule.

Application Override Tips

Consider that when you create an application override policy rule, you're limiting App-ID from classifying your deployment's traffic and performing threat inspection based on that application identification. To support internal proprietary applications, consider creating a custom application (instead of an application override rule) that includes the application signature, so that Strata Cloud Manager performs Layer 7 inspection and scans the application traffic for threats. To create a custom application, go to Manage > Configuration > NGFW and Prisma Access > Objects > Applications.

Application Override Policies

Use the following sections to configure an application override rule:
  • Source
    • Zones: Add source zones.
    • Addresses: Add source addresses, address groups, or regions and specify the settings.
  • Destination
    • Zones: Add to choose destination zones.
    • Addresses: Add destination addresses, address groups, or regions and specify the settings.
  • Application
    • Application: Select the override application for traffic flows that match the above rule criteria. When you override to a custom application, no threat inspection is performed. The exception is when you override to a predefined application that supports threat inspection.
      To define new applications, go to Manage > Configuration > NGFW and Prisma Access > Objects > Applications.
  • Protocol
    • Protocol: Select the protocol (TCP or UDP) for which to allow an application override.
    • Port: Enter the port number (0 to 65535) or range of port numbers (port1-port2) for the specified destination addresses. Multiple ports or ranges must be separated by commas.
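
The guidance above, applied as a review check (an added example, not code from Palo Alto Networks): it parses the Port field format described under Protocol and flags override rules that are wider than the "custom application between known IP addresses" case. The rule dictionaries, the "any" address value, the inspected_apps set and the max_ports threshold are assumptions made for this example.

```python
# Added example. The rule dictionaries are a constructed format for review,
# not a Strata Cloud Manager export schema; "any" and max_ports are assumptions.

def parse_ports(spec):
    """Parse the Port field: single ports or port1-port2 ranges, comma separated."""
    ranges = []
    for part in spec.split(","):
        lo, dash, hi = part.strip().partition("-")
        if not lo.isdigit() or (dash and not hi.isdigit()):
            raise ValueError(f"bad port entry: {part!r}")
        lo, hi = int(lo), (int(hi) if dash else int(lo))
        if not 0 <= lo <= hi <= 65535:
            raise ValueError(f"port out of range or reversed: {part!r}")
        ranges.append((lo, hi))
    return ranges

def audit_rule(rule, inspected_apps, max_ports=16):
    """Return findings for one override rule; an empty list means narrowly scoped."""
    findings = []
    width = sum(hi - lo + 1 for lo, hi in parse_ports(rule["port"]))
    # Only predefined applications that support threat inspection are still scanned.
    if rule["application"] not in inspected_apps:
        findings.append("override application gets no threat inspection")
    for side in ("source_addresses", "destination_addresses"):
        if not rule[side] or "any" in rule[side]:
            findings.append(f"{side} not limited to known IP addresses")
    if width > max_ports:
        findings.append(f"{width} ports bypass App-ID")
    return findings

# Constructed sample rules (names and addresses are illustrative only).
RULES = [
    {"name": "erp-override", "application": "custom-erp", "protocol": "TCP",
     "port": "8443", "source_addresses": ["10.1.0.0/24"],
     "destination_addresses": ["10.2.0.10"]},
    {"name": "legacy-override", "application": "custom-legacy", "protocol": "TCP",
     "port": "1024-65535", "source_addresses": ["any"],
     "destination_addresses": ["10.2.0.20"]},
]

def audit_all(rules, inspected_apps=frozenset()):
    """Map each rule name to its list of findings."""
    return {r["name"]: audit_rule(r, inspected_apps) for r in rules}

if __name__ == "__main__":
    for name, findings in audit_all(RULES).items():
        print(name, findings or "ok")
```

Every rule that overrides to a custom application reports the missing threat inspection; the remaining findings separate a narrowly scoped override from one that exempts broad traffic from App-ID.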
