I get why most people say A and D, but I’m still drawn to B. If you want to recategorize how an app appears in traffic logs, creating a custom application seems like the move, especially if default categorization isn’t suitable. Maybe I’m off, but isn’t customizing for policy mapping also common? Could be a trap though if Palo Alto expects "main reasons" to mean just identification and unknown traffic.
A and D make sense here. Custom apps in PAN firewalls are really about making sure you can identify internal apps that App-ID doesn't recognize (A), plus cutting down on unknown traffic entries in the logs (D). B is more about app categorization, not the main use. Pretty sure this is right, but happy to discuss if anyone disagrees.
Don't think B is right here. The real purpose of custom applications in PAN-OS is to properly identify internal or proprietary traffic (that's A), and also to cut down on all the unknown-tcp/udp noise (that's D). B looks like a trap since recategorizing isn't the main use case. Anyone else see it this way?