Focus

Next-Generation Firewall

See the New and Modified App-IDs in a Content Release

Table of Contents

Filter

Expand All | Collapse All

Next-Generation Firewall Docs

Getting Started
Administration
Networking
Quick Start
Reference
Incidents & Alerts
Release Notes
Select a Document
- PAN-OS 12.1
- PAN-OS 11.2
- PAN-OS 11.1
- PAN-OS 11.0 (EoL)
- PAN-OS 10.2
- PAN-OS 10.1
- PAN-OS 10.0 (EoL)
- PAN-OS 9.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 8.1 (EoL)
Help
Select a Document
- PAN-OS 12.1
- PAN-OS 11.2
- PAN-OS 11.1
- PAN-OS 10.2
- PAN-OS 10.1

Workflow to Best Incorporate New and Modified App-IDs

See How New and Modified App-IDs Impact Your Security Policy

See the New and Modified App-IDs in a Content Release

Content updates provide lists of new/modified App-IDs with full details, while changes affecting network-wide services like LDAP or IKE are flagged for policy review.

Where Can I Use This?	What Do I Need?
Prisma Access Next-Generation Firewall	This is a core Network Security feature for NGFWs and Prisma Access; no prerequisites needed.

For both downloaded and installed content updates, you can see a list of the new and modified App-IDs the update includes. Full application details are provided, and importantly, updates to applications with network-wide impact (for example, LDAP or IKE) are prominently flagged as a recommended for policy review. For modified App-IDs, application details also describe how coverage is either now expanded or more precise.

Select DeviceDynamic Updates and select Check Now to refresh the list of available content updates.
For either a downloaded or currently installed content release, click Review Apps link in the Actions column to view details on newly-identified and modified applications in that release:
Review the App-IDs this content release introduces or modifies since the last content version.
New and modified App-IDs are listed separately. Full application details are provided for each, and App-IDs that Palo Alto Networks foresees as having network-wide impact are flagged as recommended for policy review.

New App-ID details that you can use to assess possible impact to policy enforcement include:
- Depends on—Lists the application signatures that this App-ID relies on to uniquely identify the application. If one of the application signatures listed in the Depends On field is disabled, the dependent App-ID is also disabled.
- Previously Identified As—Lists the App-IDs that matched to the application before the new App-ID was installed to uniquely identify the application.
- App-ID Enabled—All App-IDs display as enabled when a content release is downloaded, unless you choose to manually disable the App-ID signature before installing the content update.
For modified App-IDs, details include information on: Expanded Coverage, Remove False Positive, and application metadata changes. The Expanded Coverage and Remove False Positive fields both indicate how the application’s coverage has changed (it’s either more comprehensive or has been narrowed) and a clock icon indicates a metadata change, where certain application details are updated.
Based on your findings, click Review Policies to see how the new and modified App-IDs impact security policy enforcement: See How New and Modified App-IDs Impact Your Security Policy.

Workflow to Best Incorporate New and Modified App-IDs

See How New and Modified App-IDs Impact Your Security Policy

Next-Generation Firewall Docs

See the New and Modified App-IDs in a Content Release

Next-Generation Firewall Docs

See the New and Modified App-IDs in a Content Release

Activation and Onboarding

Next-Generation Firewalls

SASE

Cloud-Delivered Security Services

Network Security

Endpoints

Visibility & Monitoring

FedRAMP

Hardware Reference

Hardware Quick Start Guides

Virtual ION Deployment

3rd Party Integrations

Best Practices

Experts Corner