Palo Alto Application Override

 

What is an Application Override?

Application Override is where the Palo Alto Networks firewall is configured to override the normal Application Identification (App-ID) of specific traffic passing through the firewall.  As soon as the Application Override policy takes effect, all further App-ID inspection of the traffic is stopped and the session is identified with the custom application.


To configure an Application Override, go to Policies > Application Override in the WebGUI. For setup, you'll need the following:

  • Custom Application to be used in the Application Override policy (recommended)
  • Application Override policy
  • Security Policy that allows the newly created Custom Application through the firewall



Example.

ldaps is on TCP / 636, Palo NGFW doesn't recognized this app.

1. Create a custom app called AO-ldaps on TCP/636. 

2. Create an Application Override policy to define the specific traffic to be identified as AO-ldaps.


3. Use AO-ldaps in Security Policy





Comments