Network technologies and trends

Feb 13 2016   8:40AM GMT

How does Palo Alto Networks Firewall examines an UDP Packet to identify an application?

Yasir Irfan Yasir Irfan Profile: Yasir Irfan

Tags:
application
Application firewalls
DNS
firewall
Next Generation Networking
Packets
Palo Alto Networks
UDP

In the below example, a single DNS query packet is trying to query  the domain www.yasirirfan.com. This packet contains all the information needed by a Palo Alto Network Firewalls to identify an app,  by inspecting the below UDP packet it can determine

Palo Alto UDP Packet Inspection

Is the packet  genuine and trying to use DNS as an application to do a query?

We could see both source IP , destination IP address along with destination port no and application is  identified by a Palo Alto Networks firewall, once the application is identified , the traffic is processed by security policy. By using this approach Palo Alto networks Firewalls are quite affective is stopping evasive applications

The good thing about  Palo Alto Networks Firewall is, mostly  it needs only one UDP packet to identify an application which are UDP based.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: