Maintain the Data Center Best Practice Rulebase
As conditions in your data center change, update the Security policy rulebase accordingly. Modify rules to control new and modified applications, protect new servers and other devices, and account for user feedback about application availability.
Applications constantly evolve, so your application whitelist needs to evolve with them. Because the best practice rules leverage policy objects to simplify administration, adding support for a new application or removing an application from your whitelist typically means modifying the corresponding application group or application filter accordingly.
Installing new and modified App-IDs included in a content release version can also cause changes in policy enforcement for those applications. Before installing a new content release, review the policy impact for new and modified App-IDs and stage any necessary policy updates. Assess the treatment an application receives both before and after you install the new content update. Before you install new and modified App-IDs from a downloaded content release, modify existing Security policy rules to accommodate the App-ID changes. This enables you to simultaneously update your security policy rules and install new content so that the shift in policy enforcement is seamless. Alternatively, you can choose to disable new and modified App-IDs when installing a new content release version; this enables protection against the latest threats, while giving you the flexibility to enable those App-IDs after you've had the chance to prepare any policy changes.
Other ways to maintain the best practice rulebase include:
- Use Palo Alto Networks Assessment and Review Tools to identify gaps in security coverage.
- User feedback about applications they can no longer access may identify gaps in the rulebase or risky applications that were in use on your network before positive enforcement prevented their use.
- Compare the asset inventory list you created when you assessed your data center to the assets themselves and ensure that those assets are protected appropriately.
- Before installing a new content release version, review new and modified App-IDs to determine if there is policy impact.
- Either modify the existing security policy rules to accommodate the App-ID changes in a content release or disable the new App-IDs introduced in the content release. Disabling new App-IDs allows you to benefit immediately from protection against the latest threats while having the flexibility to enable App-IDs later, after preparing necessary policy updates. You can disable all App-IDs introduced in a content release, set scheduled content updates to automatically disable new App-IDs, or disable App-IDs for specific applications.
- Prepare policy updates to account for App-ID changes included in a content release or to add new sanctioned applications to or remove applications from your whitelist rules.
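The before-and-after assessment described above can be modeled offline. The following is an added example, not Palo Alto Networks code or the PAN-OS policy review itself: it assumes a simplified first-match rulebase with an implicit deny, and the rule names, application names, and the mapping of each new App-ID to the application its traffic matched previously are all constructed for illustration.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Rule:
    name: str
    apps: frozenset   # application names the rule matches; "any" matches all
    action: str       # "allow" or "deny"

def first_match(rulebase, app):
    """Return (rule name, action) of the first matching rule; implicit deny otherwise."""
    for rule in rulebase:
        if "any" in rule.apps or app in rule.apps:
            return rule.name, rule.action
    return "default-deny", "deny"   # assumption: simplified implicit deny

def policy_impact(rulebase, new_app_ids):
    """Compare enforcement before and after installing each new App-ID.

    new_app_ids maps a new App-ID to the application its traffic matched before.
    """
    report = []
    for new_app, old_app in sorted(new_app_ids.items()):
        before = first_match(rulebase, old_app)   # treatment today
        after = first_match(rulebase, new_app)    # treatment once installed
        report.append({"app": new_app, "before": before, "after": after,
                       "changed": before[1] != after[1]})
    return report

def stage_updates(rulebase, report):
    """Add each affected new App-ID to the rule that handled its traffic before."""
    additions = {}
    for row in report:
        if row["changed"]:
            additions.setdefault(row["before"][0], set()).add(row["app"])
    return [replace(r, apps=r.apps | additions.get(r.name, set())) for r in rulebase]

# Constructed sample data (hypothetical rule and application names).
RULEBASE = [
    Rule("dc-web-allow", frozenset({"web-browsing", "ssl"}), "allow"),
    Rule("dc-db-allow", frozenset({"mysql"}), "allow"),
]
NEW_APP_IDS = {
    "example-crm-app": "web-browsing",     # carved out of allowed traffic
    "example-backup-app": "unknown-tcp",   # was never allowed
}

if __name__ == "__main__":
    impact = policy_impact(RULEBASE, NEW_APP_IDS)
    for row in impact:
        print(row)
    staged = stage_updates(RULEBASE, impact)
    print(policy_impact(staged, NEW_APP_IDS))
```

Only App-IDs whose action would change are staged, so an application that was already blocked stays blocked after the content update.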