Network Security
Application Override Policy (Strata Cloud Manager)
Stateful layer 4 inspection for SIP-ALG and SMB traffic that overrides
application-based policy.
Palo Alto Networks determines what an application is irrespective of port, protocol,
encryption (SSH or SSL), or any other evasive tactic used by the application.
Configure your own Application Override Policy to change how traffic gets classified
to support internal or proprietary applications.
To change how your configuration classifies network traffic into applications, you
can specify application override policies. For example, if you want to control one
of your custom applications, an application override policy can be used to identify
traffic for that application according to zone, source and destination address, and
protocol. If you have network applications that are classified as “unknown,” you can
create new application definitions for them.
Review your existing policy rulebase. If you have any Application Override rules for
traffic other than SMB or SIP, convert the rule to an App-ID based rule so that you
can decrypt and inspect the traffic at layer 7 and prevent threats.
To create an application override:
- First go to Manage > Configuration > NGFW and Prisma Access > Objects > Applications and create a custom application. This is the application that you want traffic to match instead of the App-ID Prisma Access uses.
- Return to Manage > Configuration > NGFW and Prisma Access > Network Policies > Application Override to create your application override security rule. This rule specifies when Prisma Access should invoke the custom application. Consider that when you create an application override security rule, you're limiting Prisma Access App-ID from classifying traffic and performing threat inspection based on that application identification. To support internal proprietary applications, it's worth thinking about creating a custom application (instead of an application override rule) that includes the application signature so that Prisma Access performs layer 7 inspection and scans the application traffic for threats.
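
The rulebase review described above (convert Application Override rules for traffic other than SMB or SIP) can be scripted against a rule export. The following is an added example, not Palo Alto Networks code: the field names (`name`, `protocol`, `port`, `application`) and the sample rules are hypothetical, and it assumes SMB and SIP traffic is recognized by the default ports TCP 139/445 and TCP/UDP 5060, TCP 5061.

```python
# Added example: audit exported Application Override rules.
# Field names (name, protocol, port, application) are hypothetical; adapt them
# to whatever your rule export actually contains.

# Assumption: SMB = TCP 139/445; SIP = TCP/UDP 5060 and TCP 5061 (SIP over TLS).
ALLOWED = {
    "tcp": {139, 445, 5060, 5061},
    "udp": {5060},
}

def parse_ports(spec):
    """Expand a port spec such as '445' or '5060-5061,445' into a set of ints."""
    ports = set()
    for part in str(spec).split(","):
        part = part.strip()
        if not part:
            continue
        lo, _, hi = part.partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not (0 < lo <= hi <= 65535):
            raise ValueError(f"bad port range: {part!r}")
        ports.update(range(lo, hi + 1))
    return ports

def rules_to_convert(rules):
    """Return (rule name, offending ports) for rules covering non-SMB/SIP traffic."""
    findings = []
    for rule in rules:
        allowed = ALLOWED.get(rule["protocol"].lower(), set())
        extra = parse_ports(rule["port"]) - allowed
        if extra:
            # Traffic on these ports bypasses layer 7 inspection under the override.
            findings.append((rule["name"], sorted(extra)))
    return findings

# Constructed sample rulebase (not from any real tenant).
SAMPLE_RULES = [
    {"name": "smb-fileservers", "protocol": "tcp", "port": "445", "application": "custom-smb"},
    {"name": "sip-trunk", "protocol": "udp", "port": "5060", "application": "custom-sip"},
    {"name": "legacy-erp", "protocol": "tcp", "port": "8443", "application": "custom-erp"},
    {"name": "voip-wide", "protocol": "tcp", "port": "5060-5062", "application": "custom-sip"},
]

if __name__ == "__main__":
    for name, ports in rules_to_convert(SAMPLE_RULES):
        print(f"{name}: review ports {ports}; consider an App-ID based rule")
```

A rule is flagged when any port it covers falls outside the assumed SMB/SIP set, so an overly wide range such as `5060-5062` is reported even though part of it is SIP.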