Only use Application Override in the most highly
trusted environments where you can apply the principle of least
privilege strictly. Install endpoint protection on endpoints, install
compensating protections on servers, and make the Application Override
rule as restrictive as possible (only the necessary source, destination,
users, applications, and services) since you have limited visibility
into the traffic. If you must use Application Override and the traffic
traverses multiple inspection points such as a data center firewall
and then a perimeter firewall, apply Application Override consistently
along the path.
Review your existing policy rulebase. If you have any Application
Override rules for traffic other than SMB or SIP, convert those rules
to App-ID based rules so that you can decrypt and inspect the
traffic at layer 7 and prevent threats.
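As an added example (not from the original documentation or the vendor), the following Python script performs this rulebase review over a configuration export: it flags any Application Override rule that is not for SMB or SIP as a candidate for conversion to an App-ID rule, and flags any override rule whose source or destination is left as "any". The XML layout, XPath and App-ID names (`ms-ds-smb`, `sip`) are assumptions loosely modeled on a PAN-OS export and should be checked against your own.

```python
"""Flag Application Override rules to scope down or convert to App-ID rules.
Constructed example: XML layout, XPath and App-ID names are assumptions loosely
modeled on a PAN-OS config export; adjust them to match your own export."""
import xml.etree.ElementTree as ET

APP_OVERRIDE_XPATH = ".//rulebase/application-override/rules/entry"
ALLOWED_APPS = {"ms-ds-smb", "sip"}  # only SMB and SIP should keep an override
SCOPE_FIELDS = ("from", "to", "source", "destination")  # never leave as "any"

# Constructed sample export: one tightly scoped SMB override, one wide-open legacy rule.
SAMPLE_CONFIG = """<config><devices><entry name="localhost.localdomain"><vsys>
<entry name="vsys1"><rulebase><application-override><rules>
  <entry name="smb-to-fileservers">
    <from><member>trust</member></from><to><member>dc</member></to>
    <source><member>10.0.1.0/24</member></source>
    <destination><member>10.0.9.10</member></destination>
    <protocol>tcp</protocol><port>445</port>
    <application><member>ms-ds-smb</member></application>
  </entry>
  <entry name="legacy-erp">
    <from><member>any</member></from><to><member>any</member></to>
    <source><member>any</member></source><destination><member>any</member></destination>
    <protocol>tcp</protocol><port>8000</port>
    <application><member>custom-erp</member></application>
  </entry>
</rules></application-override></rulebase></entry></vsys></entry></devices></config>"""

def _members(rule, field):
    """Return the <member> values of a rule field, e.g. ['any']."""
    return [m.text.strip() for m in rule.findall(f"{field}/member") if m.text]

def review_app_override(config_xml):
    """Return {rule_name: [findings]} for every override rule that needs attention."""
    findings = {}
    for rule in ET.fromstring(config_xml).findall(APP_OVERRIDE_XPATH):
        issues = []
        apps = _members(rule, "application")
        # Anything but SMB/SIP should become an App-ID rule for layer-7 inspection.
        if not apps or any(a not in ALLOWED_APPS for a in apps):
            issues.append(f"convert to App-ID rule (overrides {apps or ['<none>']})")
        # Least privilege: the rule bypasses inspection, so no match field may be "any".
        for field in SCOPE_FIELDS:
            if "any" in _members(rule, field):
                issues.append(f"{field} is 'any'; restrict to what is required")
        if issues:
            findings[rule.get("name", "<unnamed>")] = issues
    return findings
```

Calling `review_app_override(SAMPLE_CONFIG)` passes the scoped SMB rule and returns five findings for `legacy-erp`: one to convert it to an App-ID rule and one for each zone and address field left as "any".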