: About Custom Application Signatures
Focus
Focus

About Custom Application Signatures

Table of Contents

About Custom Application Signatures

Learn how custom application signatures bring visibility to and allow more granular control of applications.
Custom application signatures reduce unknown traffic, provide application visibility, and give you more granular control over applications on your network. For example, you may believe office productivity has decreased since the FIFA Women’s World Cup began. You can create custom signatures for the FIFA landing and live streaming pages and view FIFA activity in the ACC and Traffic logs (as long as current security policies allow the traffic). From there, you can create a report, configure a QoS policy, or block the application by adding it to security policy.
An application signature identifies a pattern located within packets from an application or application function. This pattern uniquely identifies the application or function of interest. The App-ID™ traffic classification system relies on application signatures to accurately identify applications in your network. Palo Alto Networks has developed App-ID signatures for many well-known applications. (See Applipedia for a complete list). However, the volume of commercial applications and the nature of internal applications means that some applications do not have a signature. Such traffic receives “unknown” classification in the ACC and Traffic logs alongside potential threats. To properly classify this traffic and enforce security policy rules, you can create a custom application signature.
Custom application signatures enable you to:
  • Minimize “unknown” traffic on your network
    • Identify internal applications or special interest applications, such as a custom payroll application or sports live streaming
  • Monitor application usage in the ACC and Traffic logs
  • Explicitly define allowed applications and application functions (for example, allowing Slack for instant messaging, but blocking file transfer)
  • Perform QoS for a specific application
  • Identify nested applications, such as Words with Friends in Facebook
Custom applications take precedence over predefined applications when traffic matches both a custom-defined signature and a Palo Alto Networks signature. Accordingly, Traffic logs reflect the custom application name once the new application has been configured.