Palo Alto Networks firewalls automatically generate a packet capture
for sessions that contain an application that the firewall cannot
identify. Typically, the only applications classified as unknown
traffic (tcp, udp, or non-syn-tcp) are commercially available
applications that do not yet have App-ID signatures, internal or
custom applications on your network, or potential threats. You can
use these packet captures to gather more context about the unknown
application or to analyze the traffic for potential threats. You can
also manage custom or unknown applications by controlling them
through security policy, or by writing a custom application signature
and then creating a security rule based on that signature. If the
application is a commercial application, you can submit the packet
capture to Palo Alto Networks to have an App-ID signature created.
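
One way to gather that context from a capture is sketched below as an added example (not Palo Alto Networks code): it groups packets by destination and reports the byte prefix shared by every payload, which helps tell an internal application with a fixed header from unrelated traffic. It assumes the capture was saved as a classic pcap file with Ethernet framing; the addresses, ports and the "ACME" payloads are constructed sample data.

```python
import struct

def _frame(dport, payload, proto=6):  # constructed Ethernet/IPv4 frame, checksums zero
    l4 = (struct.pack("!HHIIHHHH", 40000, dport, 0, 0, 5 << 12 | 0x18, 8192, 0, 0)
          if proto == 6 else struct.pack("!HHHH", 40000, dport, 8 + len(payload), 0))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4) + len(payload), 0, 0,
                     64, proto, 0, bytes([10, 1, 1, 7]), bytes([10, 1, 1, 50]))
    return b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip + l4 + payload

def build_sample_pcap():
    """Constructed sample standing in for a capture of unknown-application sessions."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in (_frame(9400, b""), _frame(9400, b"ACME\x01login"),
              _frame(9400, b"ACME\x01fetch"), _frame(9400, b"ACME\x02ping"),
              _frame(5353, b"\x00\x01query", proto=17)):
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

def parse_pcap(data):
    """Yield (proto, dst_ip, dst_port, payload) per IPv4 TCP/UDP packet."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if endian is None or struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("expected classic pcap with Ethernet link type")
    off = 24
    while off + 16 <= len(data):
        incl = struct.unpack(endian + "I", data[off + 8:off + 12])[0]
        frame, off = data[off + 16:off + 16 + incl], off + 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] not in (6, 17):
            continue  # not IPv4 TCP/UDP
        l4 = 14 + (frame[14] & 0x0F) * 4
        if len(frame) < l4 + (20 if frame[23] == 6 else 8):
            continue  # truncated transport header
        hdr = (frame[l4 + 12] >> 4) * 4 if frame[23] == 6 else 8
        end = 14 + struct.unpack("!H", frame[16:18])[0]  # IP total length drops padding
        yield (frame[23], ".".join(map(str, frame[30:34])),
               struct.unpack("!H", frame[l4 + 2:l4 + 4])[0], frame[l4 + hdr:end])

def summarize(data):
    """Map (proto, dst_ip, dst_port) -> (payload packet count, common payload prefix)."""
    groups = {}
    for proto, dst, dport, payload in parse_pcap(data):
        if payload:  # segments without data say nothing about the application
            groups.setdefault((proto, dst, dport), []).append(payload)
    out = {}
    for key, p in groups.items():
        lo, hi = min(p), max(p)  # prefix of the two extremes is the prefix of all
        n = next((i for i, (a, b) in enumerate(zip(lo, hi)) if a != b), len(lo))
        out[key] = (len(p), lo[:n])
    return out
```

A prefix drawn from a single packet, as for the UDP flow in the sample, is just that packet's payload, so judge it together with the packet count.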