Select ObjectsApplications to Add a new custom application for the firewall to evaluate when applying policies.
New Application Settings
Enter the application name (up to 31 characters). This name appears in the applications list when defining security policies. The name is case-sensitive and must be unique. Use only letters, numbers, spaces, periods, hyphens, and underscores. The first character must be a letter.
Select this option if you want the application to be available to:
Disable override (Panorama only)
Select this option to prevent administrators from overriding the settings of this application object in device groups that inherit the object. This selection is cleared by default, which means administrators can override the settings for any device group that inherits the object.
Enter a description of the application for general reference (up to 255 characters).
Select the application category, such as email or database. The category is used to generate the Top Ten Application Categories chart and is available for filtering (refer to ACC).
Select the application subcategory, such as email or database. The subcategory is used to generate the Top Ten Application Categories chart and is available for filtering (refer to ACC).
Select the technology for the application.
Specify a parent application for this application. This setting applies when a session matches both the parent and the custom applications; however, the custom application is reported because it is more specific.
Select the risk level associated with this application (1=lowest to 5=highest).
Select the application characteristics that may place the application at risk. For a description of each characteristic, refer to Characteristics.
If the protocol used by the application is TCP and/or UDP, select Port and enter one or more combinations of the protocol and port number (one entry per line). The general format is:
where the <port> is a single port number, or dynamic for dynamic port assignment.
Examples: TCP/dynamic or UDP/32.
This setting applies when using app-default in the Service column of a Security rule.
To specify an IP protocol other than TCP or UDP, select IP Protocol, and enter the protocol number (1 to 255).
To specify an Internet Control Message Protocol version 4 (ICMP) type, select ICMP Type and enter the type number (range is 0-255).
To specify an Internet Control Message Protocol version 6 (ICMPv6) type, select ICMP6 Type and enter the type number (range is 0-255).
To specify signatures independent of protocol, select None.
Enter the number of seconds before an idle application flow is terminated (range is 0-604800 seconds). A zero indicates that the default timeout of the application will be used. This value is used for protocols other than TCP and UDP in all cases and for TCP and UDP timeouts when the TCP timeout and UDP timeout are not specified.
Enter the number of seconds before an idle TCP application flow is terminated (range is 0-604800 seconds). A zero indicates that the default timeout of the application will be used.
Enter the number of seconds before an idle UDP application flow is terminated (range is 0-604800 seconds). A zero indicates that the default timeout of the application will be used.
TCP Half Closed
Enter the maximum length of time that a session remains in the session table, between receiving the first FIN and receiving the second FIN or RST. If the timer expires, the session is closed.
Default: If this timer is not configured at the application level, the global setting is used (range is 1-604800 seconds).
If this value is configured at the application level, it overrides the global TCP Half Closed setting.
TCP Time Wait
Enter the maximum length of time that a session remains in the session table after receiving the second FIN or a RST. If the timer expires, the session is closed.
Default: If this timer is not configured at the application level, the global setting is used (range is 1-600 seconds).
If this value is configured at the application level, it overrides the global TCP Time Wait setting.
Select the scanning types that you want to allow based on Security Profiles (file types, data patterns, and viruses).
Click Add to add a new signature, and specify the following information:
Specify the conditions that identify the signature. These conditions are used to generate the signature that the firewall uses to match the application patterns and control traffic:
To move a condition within a group, select the condition and Move Up or Move Down. To move a group, select the group and Move Up or Move Down. You cannot move conditions from one group to another.
It is not required to specify signatures for the application if the application is used only for application override rules.
Applications Overview The Applications page lists various attributes of each application definition, such as the application’s relative security risk (1 to 5). The risk value ...
Create a Custom Application
Create a Custom Application To safely enable applications you must classify all traffic, across all ports, all the time. With App-ID, the only applications that ...
Session Timeouts A session timeout defines the duration for which PAN-OS maintains a session on the firewall after inactivity in the session. By default, when ...
Configure Session Timeouts
Configure Session Timeouts A session timeout defines the duration of time for which PAN-OS maintains a session on the firewall after inactivity in the session. ...
Objects > Custom Objects > Spyware/Vulnerability
Objects > Custom Objects > Spyware/Vulnerability The firewall supports the ability to create custom spyware and vulnerability signatures using the firewall threat engine. You can ...
Device > Setup > Content-ID
Device > Setup > Content-ID Use the Content-ID ™ tab to define settings for URL filtering, data protection, and container pages. Content-ID Settings Description URL ...
Application Override Protocol/Application Tab
Application Override Protocol/Application Tab Select the Protocol/Application tab to define the protocol (TCP or UDP), port, and application that further defines the attributes of the ...
Configuring the Botnet Report
Botnet Configuration Settings Monitor > Botnet > Configuration To specify the types of traffic that indicate potential botnet activity, click Configuration on the right side ...
Manage Custom or Unknown Applications
Manage Custom or Unknown Applications Palo Alto Networks provides weekly application updates to identify new App-ID signatures. By default, App-ID is always enabled on the ...