Create a Custom Application with a signature and attach it to a security policy, or create a custom application and define an application override policy—A custom application allows you to customize the definition of the internal application—its characteristics, category and sub-category, risk, port, timeout—and exercise granular policy control in order to minimize the range of unidentified traffic on your network. Creating a custom application also allows you to correctly identify the application in the ACC and traffic logs, and is useful in auditing and reporting on the applications on your network. For a custom application you can specify a signature and a pattern that uniquely identifies the application, and attach it to a security policy that allows or denies the application.

Alternatively, if you would like the firewall to process the custom application using the fast path (Layer-4 inspection instead of using App-ID for Layer-7 inspection), you can reference the custom application in an application override policy rule. An application override with a custom application prevents the session from being processed by the App-ID engine, which performs Layer-7 inspection. Instead, it forces the firewall to handle the session as a regular stateful inspection firewall at Layer-4, and thereby saves application processing time.

For example, if you build a custom application that triggers on the host header www.mywebsite.com, the packets are first identified as web-browsing and then are matched as your custom application (whose parent application is web-browsing). Because the parent application is web-browsing, the custom application is inspected at Layer-7 and scanned for content and vulnerabilities. If you define an application override, the firewall stops processing at Layer-4. The custom application name is assigned to the session to help identify it in the logs, but the traffic is not scanned for threats.
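As an added example that is not part of the original page or of Palo Alto Networks' own documentation, the following PAN-OS CLI commands show the two options described above: the custom application with a host-header signature attached to a security rule, and the same application referenced in an application override rule. The zone names (trust/untrust), rule names, the application name my-website with its category and risk values, the signature and condition names, and the 10.0.10.0/24 server subnet are assumptions; only the host header www.mywebsite.com and the parent application web-browsing come from the text.

```panos
# Added example (not from the original page). Names, zones and the server
# subnet are assumptions; www.mywebsite.com and web-browsing come from the text.
configure

# 1. Custom application that triggers on the HTTP Host header.
set application my-website category business-systems subcategory general-business technology browser-based risk 2
set application my-website parent-app web-browsing
set application my-website default port tcp/80
set application my-website signature host-sig scope session order-free no
set application my-website signature host-sig and-condition And-1 or-condition Or-1 operator pattern-match context http-req-host-header pattern www.mywebsite.com

# 2a. Attach it to a security policy rule. The session is first identified as
#     web-browsing, then as my-website, and stays on the Layer-7 (App-ID) path,
#     so the security profiles attached to this rule still scan it for threats.
set rulebase security rules allow-my-website from trust to untrust source any destination any source-user any category any application my-website service application-default action allow

# 2b. Alternatively, reference it in an application override rule. The firewall
#     stops at Layer-4, labels the session "my-website" in the traffic log and
#     does NOT scan it for threats, so scope the match (zones, destination,
#     port) as narrowly as possible. 10.0.10.0/24 is a constructed placeholder
#     for the web server subnet.
set rulebase application-override rules fastpath-my-website from trust to untrust source any destination 10.0.10.0/24 protocol tcp port 80 application my-website

commit
```

Use either 2a or 2b for a given flow: if an application override rule matches the session, the signature in step 1 is never evaluated, and the session appears in the traffic log under the custom application name without any threat log entries.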