To change how the firewall classifies network traffic
into applications, you can specify application override policies.
For example, if you want to control one of your custom applications,
an application override policy can be used to identify traffic for
that application according to zone, source and destination address,
port, and protocol. If you have network applications that are classified
as “unknown,” you can create new application definitions for them
(refer to Defining Applications).

Like security policies, application override policies can be
as general or specific as needed. The policy rules are compared
against the traffic in sequence, so the more specific rules must
precede the more general ones.
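
The ordering requirement above can be checked mechanically. This Python sketch is an added example, not Palo Alto Networks code: it models rules with hypothetical field names (not the PAN-OS schema) and reports any specific rule that an earlier, more general rule hides. The rules, app names, and flow are constructed sample data.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    # Hypothetical field names for illustration, not the PAN-OS configuration schema.
    name: str
    src_zone: str   # "any" matches every zone
    dst_zone: str
    src: str        # CIDR
    dst: str        # CIDR
    protocol: str   # "tcp" or "udp"
    ports: tuple    # inclusive (low, high)
    app: str

def covers(general, specific):
    """True if every flow that matches `specific` also matches `general`."""
    net = ipaddress.ip_network
    return (general.src_zone in ("any", specific.src_zone)
            and general.dst_zone in ("any", specific.dst_zone)
            and net(specific.src).subnet_of(net(general.src))
            and net(specific.dst).subnet_of(net(general.dst))
            and general.protocol == specific.protocol
            and general.ports[0] <= specific.ports[0]
            and specific.ports[1] <= general.ports[1])

def find_shadowed(rules):
    """(unreachable rule, earlier rule that hides it) pairs under in-sequence matching."""
    return [(later.name, earlier.name)
            for i, later in enumerate(rules)
            for earlier in rules[:i] if covers(earlier, later)]

def first_match(rules, flow):
    """App of the first rule matching `flow` (a Rule with /32 hosts and one port)."""
    return next((r.app for r in rules if covers(r, flow)), None)

# Constructed sample data: private and documentation address ranges, made-up app names.
GENERAL = Rule("dmz-tcp-8000s", "trust", "dmz", "10.0.0.0/8", "192.0.2.0/24",
               "tcp", (8000, 8999), "custom-generic")
SPECIFIC = Rule("billing", "trust", "dmz", "10.1.2.0/24", "192.0.2.10/32",
                "tcp", (8443, 8443), "custom-billing")
FLOW = Rule("flow", "trust", "dmz", "10.1.2.5/32", "192.0.2.10/32",
            "tcp", (8443, 8443), "")

if __name__ == "__main__":
    for order in ([GENERAL, SPECIFIC], [SPECIFIC, GENERAL]):
        print([r.name for r in order], "->", first_match(order, FLOW), find_shadowed(order))
```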

Because the App-ID engine in PAN-OS classifies traffic by identifying
the application-specific content in network traffic, the custom
application definition cannot simply use a port number to identify an
application. The application definition must also specify the traffic
it applies to, restricted by source zone, source IP address,
destination zone, and destination IP address.

To create a custom application with application override:

Define an application override policy that specifies when
the custom application should be invoked. A policy typically includes
the IP address of the server running the custom application and
a restricted set of source IP addresses or a source zone.

Use the following tables to configure an application override