Strata Cloud Manager
Manage: Application Override
Table of Contents
Expand All
|
Collapse All
Strata Cloud Manager Docs
-
- Strata Copilot
- Command Center: Strata Cloud Manager
-
- Dashboard: Build a Custom Dashboard
- Dashboard: Executive Summary
-
- WildFire Dashboard: Filters
- WildFire Dashboard: Total Samples Submitted
- WildFire Dashboard: Analysis Insights
- WildFire Dashboard: Session Trends For Samples Submitted
- WildFire Dashboard: Verdict Distribution
- WildFire Dashboard: Top Applications Delivering Malicious Samples
- WildFire Dashboard: Top Users Impacted By Malicious Samples
- WildFire Dashboard: Top Malware Regions
- WildFire Dashboard: Top Firewalls
- Dashboard: DNS Security
- Dashboard: AI Runtime Security
- Dashboard: IoT Security
- Dashboard: Prisma Access
-
- Application Experience Dashboard: Mobile User Experience Card
- Application Experience Dashboard: Remote Site Experience Card
- Application Experience Dashboard: Experience Score Trends
- Application Experience Dashboard: Experience Score Across the Network
- Application Experience Dashboard: Global Distribution of Application Experience Scores
- Application Experience Dashboard: Experience Score for Top Monitored Sites
- Application Experience Dashboard: Experience Score for Top Monitored Apps
- Application Experience Dashboard: Application Performance Metrics
- Application Experience Dashboard: Network Performance Metrics
- Dashboard: Best Practices
- Dashboard: Compliance Summary
-
- Prisma SD-WAN Dashboard: Device to Controller Connectivity
- Prisma SD-WAN Dashboard: Applications
- Prisma SD-WAN Dashboard: Top Alerts by Priority
- Prisma SD-WAN Dashboard: Overall Link Quality
- Prisma SD-WAN Dashboard: Bandwidth Utilization
- Prisma SD-WAN Dashboard: Transaction Stats
- Prisma SD-WAN Dashboard: Predictive Analytics
- Dashboard: PAN-OS CVEs
- Dashboard: CDSS Adoption
- Dashboard: Feature Adoption
- Dashboard: On Demand BPA
- Manage: IoT Policy Recommendation
- Manage: Enterprise DLP
- Manage: SaaS Security
- Manage: Prisma Access Browser
- Reports: Strata Cloud Manager
-
-
- Strata Cloud Manager Release Information
-
- New Features in February 2025
- New Features in January 2025
- New Features in December 2024
- New Features in November 2024
- New Features in October 2024
- New Features in September 2024
- New Features in August 2024
- New Features in July 2024
- New Features in June 2024
- New Features in May 2024
- New Features in April 2024
- New Features in March 2024
- New Features in February 2024
- New Features in January 2024
- New Features in November 2023
- New Features in October 2023
- New Features in September 2023
- Known Issues
- Addressed Issues
- Getting Help
Manage: Application Override
Learn to manage application override policy rules.
Where Can I Use This? | What Do I Need? |
---|---|
|
Each of these licenses include access to Strata Cloud Manager:
→ The features and capabilities available to you in Strata Cloud Manager depend on which license(s) you are
using.
|
Create an application override policy to designate applications be processed using
fast path Layer-4 inspection instead of using the App-ID for Layer-7 inspection.
This forces the security enforcement node to handle the session as a regular
stateful inspection and saves application processing times. You can create an
application override policy rule when you do not want traffic inspection for custom
applications between known IP addresses. For example, if you have a custom
application on a non-standard port that you know users accessing the application are
sanctioned, and both are in the Trust zone, you can override the application
inspection requirements for the trusted users accessing the custom application.
To change how Prisma Access classifies applications, go to ManageConfigurationNGFW and Prisma AccessNetwork PoliciesApplication Override to then create your application override policy rule.
Application Override Tips
Consider that when you create an application override policy rule, you’re limiting
App-ID from classifying your deployment's traffic and performing threat inspection
based on that application identification. To support internal proprietary
applications, it’s worth thinking about creating a custom application (instead of an
application override rule) that include the application signature so that Strata Cloud Manager performs layer 7 inspection and scans the application traffic
for threats. To create a custom application, go to ManageConfigurationNGFW and Prisma AccessObjectsApplications.
Application Override Policies
Use the following sections to configure an application override rule:
- Source
- Zones—Add source zones.
- Addresses—Add source addresses, address groups, or regions and specify the settings.
- Destination
- Zones—Add to choose destination zones.
- Addresses—Add source addresses, address groups, or regions and specify the settings.
- Application
- Application—Select the override application for traffic flows that match the above rule criteria. When overriding to a custom application, there is no threat inspection that is performed. The exception to this is when you override to a pre-defined application that supports threat inspection.To define new applications, go to ManageConfigurationNGFW and Prisma AccessObjectsApplications.
- Protocol
- Protocol—Select the protocol (TCP or UDP) for which to allow an application override.
- Port—Enter the port number (0 to 65535) or range of port numbers (port1-port2) for the specified destination addresses. Multiple ports or ranges must be separated by commas.