Next-Generation Firewall
See the New and Modified App-IDs in a Content Release
Table of Contents
Expand All
|
Collapse All
Next-Generation Firewall Docs
-
-
-
-
-
-
-
- PAN-OS 12.1
- PAN-OS 11.2
- PAN-OS 11.1
- PAN-OS 11.0 (EoL)
- PAN-OS 10.2
- PAN-OS 10.1
- PAN-OS 10.0 (EoL)
- PAN-OS 9.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 8.1 (EoL)
-
- PAN-OS 12.1
- PAN-OS 11.2
- PAN-OS 11.1
- PAN-OS 10.2
- PAN-OS 10.1
See the New and Modified App-IDs in a Content Release
Content updates provide lists of new/modified App-IDs with full details, while
changes affecting network-wide services like LDAP or IKE are flagged for policy
review.
Where Can I Use This? | What Do I Need? |
---|---|
|
This is a core Network Security feature for NGFWs and Prisma
Access; no prerequisites needed.
|
- Select DeviceDynamic Updates and select Check Now to refresh the list of available content updates.For either a downloaded or currently installed content release, click Review Apps link in the Actions column to view details on newly-identified and modified applications in that release:Review the App-IDs this content release introduces or modifies since the last content version.New and modified App-IDs are listed separately. Full application details are provided for each, and App-IDs that Palo Alto Networks foresees as having network-wide impact are flagged as recommended for policy review.New App-ID details that you can use to assess possible impact to policy enforcement include:
- Depends on—Lists the application signatures that this App-ID relies on to uniquely identify the application. If one of the application signatures listed in the Depends On field is disabled, the dependent App-ID is also disabled.
- Previously Identified As—Lists the App-IDs that matched to the application before the new App-ID was installed to uniquely identify the application.
- App-ID Enabled—All App-IDs display as enabled when a content release is downloaded, unless you choose to manually disable the App-ID signature before installing the content update.
For modified App-IDs, details include information on: Expanded Coverage, Remove False Positive, and application metadata changes. The Expanded Coverage and Remove False Positive fields both indicate how the application’s coverage has changed (it’s either more comprehensive or has been narrowed) and a clock icon indicates a metadata change, where certain application details are updated.Based on your findings, click Review Policies to see how the new and modified App-IDs impact security policy enforcement: See How New and Modified App-IDs Impact Your Security Policy.