PCNSA – 3.3

Identify the purpose of application characteristics as defined in the App-ID database.

Palo Alto Networks PCNSA Study Guide v10

Application Properties

  • Category: Used for reporting and filtering, defined by PaloAlto
  • Subcategory: Used for reporting and filtering
  • Technology: The technology most closely associated with an application.
  • Risk: Relative risk from 1 to 5 with 5 being most risky.
  • Characteristics: Identifies behaviors of an application or classifications such as FEDRAMP.

Application Characteristics

App-ID applications are identified by many characteristics. They can be found at https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-web-interface-help/objects/objects-applications/applications-overview.html#ide860abff-93f0-426a-adc3-05a9a927ca45_idb18fe533-8895-4604-97d9-4a1ea6f358a0

Application Timeouts

  • Timeout: time before an idle application flow is terminated.
  • TCP Timeout: time before an idle TCP application flow is terminated
  • UDP Timeout: time before an idle UDP application flow is terminated
  • TCP Half Closed: Max time that a session is kept in the session table between FIN and either FIN or RST.
  • TCP Time Wait: Time a session remains in the session table after the second FIN or RST is received