
Palo Alto AppID and F5 HTTP Health Monitors

It turned out that you cannot really enforce (using an application override policy) the standard application called “web-browsing” for a session that carries traffic non-compliant with the HTTP specification. I am not sure how strict the checks are, but the standard F5 HTTP health monitor, where the request is defined as

GET /\r\n

is detected as “unknown-tcp” regardless of any override policies. The only way to make the Palo Alto firewall recognize this traffic as “web-browsing” is to add the HTTP protocol version to the request, as follows:

GET / HTTP/1.0\r\n

or

GET / HTTP/1.1\r\n
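
An added example (not from the original post): a Python check that scans "ltm monitor http" stanzas in a bigip.conf-style file and flags send strings whose request line carries no HTTP version, the form the post reports as being classified “unknown-tcp”. The sample configuration and monitor names are constructed; monitors without their own send line are skipped rather than resolved through their parent.

```python
import re

# Constructed sample in bigip.conf style; monitor names and host are made up.
SAMPLE_CONF = r'''
ltm monitor http /Common/mon_default_style {
    defaults-from /Common/http
    send "GET /\r\n"
}
ltm monitor http /Common/mon_http10 {
    defaults-from /Common/http
    send "GET / HTTP/1.0\r\n\r\n"
}
ltm monitor http /Common/mon_http11 {
    defaults-from /Common/http
    send "GET /health HTTP/1.1\r\nHost: app.example.test\r\nConnection: close\r\n\r\n"
}
'''

STANZA = re.compile(r'ltm monitor http (\S+) \{(.*?)\n\}', re.S)
SEND = re.compile(r'^\s*send "((?:[^"\\]|\\.)*)"', re.M)
# Request line with an explicit version, as in the two working forms above.
REQUEST_LINE = re.compile(r'^[A-Z]+ \S+ HTTP/1\.[01]$')


def audit_monitors(conf_text):
    """Return {monitor_name: (request_line, has_http_version)}."""
    results = {}
    for name, body in STANZA.findall(conf_text):
        m = SEND.search(body)
        if not m:
            continue  # send string inherited from the parent; not resolved here
        # The config stores CRLF as the literal characters \r\n.
        request_line = m.group(1).split('\\r\\n')[0]
        results[name] = (request_line, bool(REQUEST_LINE.match(request_line)))
    return results


def unversioned(conf_text):
    """Names of monitors whose request line has no HTTP version."""
    return sorted(n for n, (_, ok) in audit_monitors(conf_text).items() if not ok)


if __name__ == "__main__":
    for name, (line, ok) in audit_monitors(SAMPLE_CONF).items():
        print(f"{'ok  ' if ok else 'FLAG'} {name}: {line!r}")
```
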

Thanks to the awesome Palo Alto Support for the clue.

P.S. The uselessness of the default F5 HTTP health monitor should be the subject of a separate post 🙂
