Network technologies and trends

Feb 29 2016   12:07PM GMT

How does Palo Alto Firewall identify an App?

Yasir Irfan Yasir Irfan Profile: Yasir Irfan

Tags:
app
application
ASA
BGP
Cisco
firewall
HTTP
IP address
Network design
OSPF
Routing
Signatures
Technology

When it comes to identifying an application  Palo Alto Firewall is quite accurate and yield great results in either allowing or dropping the traffic based on security policy applied.  I believe App-ID is the strongest point of Palo Alto Firewalls and it makes them leaders in the Next Generation Firewall segment.

App-ID™ is a patented traffic classification technology of Palo Alto Next Generation firewalls and it uses multiple identification mechanisms to  identify applications traversing the network.

Pa-appid

Based on the above App-ID flow , Palo Alto Firewall applies following  mechanisms to identify the application

  1. Initially the traffic will be classified based on an IP Address and port number used.
  2. An application is identified on the allowed traffic by applying Signatures.
  3. If encryption is use and decryption policy is in use then the application is decrypted and application signatures are applied on the decrypted flow.
  4. Decoders for known protocols are then used to apply additional context-based signatures to detect other applications that may be tunneling inside of the protocol (for example, Yahoo! Instant Messenger used across HTTP).
  5. For applications that are particularly evasive and cannot be identified through advanced signature and protocol analysis, heuristics or behavioral analysis may be used to determine the identity of the application.

Once an application is identified , the policy check will decide how to treat the application, based on the policy defined it will either allow, block or scan for threats/files transfers/data patters, or rate-limit using QoS.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: