Discover how to swiftly identify trusted applications with Palo Alto Networks’ App-ID engine. Learn to create custom applications and application override rules for precise traffic log reporting.
Table of Contents
Question
A firewall engineer has determined that, in an application developed by the company’s internal team, sessions often remain idle for hours before the client and server exchange any data. The application is also currently identified as unknown-tcp by the firewalls. It is determined that because of a high level of trust, the application does not require to be scanned for threats, but it needs to be properly identified in Traffic logs for reporting purposes.
Which solution will take the least time to implement and will ensure the App-ID engine is used to identify the application?
A. Create a custom application with specific timeouts and signatures based on patterns discovered in packet captures.
B. Access the Palo Alto Networks website and complete the online form to request that a new application be added to App-ID.
C. Create a custom application with specific timeouts, then create an application override rule and reference the custom application.
D. Access the Palo Alto Networks website and raise a support request through the Customer Support Portal.
Answer
C. Create a custom application with specific timeouts, then create an application override rule and reference the custom application.
Explanation
This approach will take the least time to implement and will ensure the App-ID engine is used to identify the application. Creating a custom application with specific timeouts will cater to the unique behavior of the application where sessions often remain idle for hours before any data exchange. The application override rule will then ensure that the firewall identifies the application correctly in the traffic logs for reporting purposes, without scanning it for threats due to the high level of trust.
Palo Alto Networks PCNSE certification exam practice question and answer (Q&A) dump with detail explanation and reference available free, helpful to pass the Palo Alto Networks PCNSE exam and earn Palo Alto Networks PCNSE certification.