Which two items must be configured when implementing application override and allowing traffic through the firewall? (Choose two.)
Which two items must be configured when implementing application override and allowing traffic through the firewall? (Choose two.)
When implementing application override and allowing traffic through the firewall, two critical configurations must be in place. The first is the application override policy rule, which dictates how the traffic should be recognized and handled. This rule ensures that specific traffic is matched to the custom application instead of the default handling by the firewall. The second required configuration is the security policy rule. This rule permits the traffic that has been identified by the application override rule to pass through the firewall. Without these two configurations, the traffic would either be misidentified or blocked by default security settings.
BC...D https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClVLCA0
For setup, you'll need the following: Custom Application to be used in the Application Override policy (recommended) Application Override policy Security Policy that allows the newly created Custom Application through the firewall
Once the custom application object has been created, it requires two additional things before it will be used by the Palo Alto firewall: There must be a security policy in place that permits the traffic (unless this is a new site or recently added subnet, this should already exist) There must be an application override policy that specifies when the custom application object should be used There must be an application override policy that specifies when the custom application object should be used
D - not necessary, cause: Policies : Policies > Application Override : Application Override Protocol/Application Tab: "Application - Select the override application for traffic flows that match the above rule criteria. When overriding to a custom application, there is no threat inspection that is performed. The exception to this is when you override to a pre-defined application that supports threat inspection."
Poiuytr is right
Answers should include (D) Custom App (with no signature) as well as BC
BCD, but the ask for 2 answers only so I guess that Custom app is implicitly included in B?