If possible, avoid using application
override policies because they prevent the firewall from using App-ID
to identify applications and from performing layer 7 inspection
for threats. To support internal proprietary applications, it’s
better to
create custom applications that
include the application signature so the firewall performs layer
7 inspection and scans the application traffic for threats. If a
commercial application doesn’t have an App-ID,
submit a request for a new App-ID.
If a public application definition (default ports or signature)
changes so the firewall no longer identifies the application correctly,
create a support ticket so Palo Alto Networks can update the definition.
In the meantime, create a custom application so the firewall continues
to perform layer 7 inspection of the traffic.