Focus

Next-Generation Firewall

Streamlined App-ID Policy Rules

Table of Contents

Filter

Expand All | Collapse All

Next-Generation Firewall Docs

Getting Started
Administration
Networking
Quick Start
Reference
Incidents & Alerts
Release Notes
Select a Document
- PAN-OS 12.1
- PAN-OS 11.2
- PAN-OS 11.1
- PAN-OS 11.0 (EoL)
- PAN-OS 10.2
- PAN-OS 10.1 (EoL)
- PAN-OS 10.0 (EoL)
- PAN-OS 9.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 8.1 (EoL)
Help
Select a Document
- PAN-OS 12.1
- PAN-OS 11.2
- PAN-OS 11.1
- PAN-OS 10.2
- PAN-OS 10.1

App-ID Overview

App-ID and HTTP/2 Inspection

Streamlined App-ID Policy Rules

Policy rules for App-IDs using new content delivered tags.

Where Can I Use This?	What Do I Need?
Prisma Access Next-Generation Firewall	This is a core Network Security feature for NGFWs and Prisma Access; no prerequisites needed.

Safely enable a broad set of applications with common attributes using a single policy rule (for example, give your users broad access to web-based applications or safely enable all enterprise VoIP applications). Palo Alto Networks takes on the task of researching applications with common attributes and delivers this through tags in dynamic content updates. This:

Minimizes errors and saves time.
Helps you to create policies that automatically update to handle newly released applications.
Simplifies the transition toward an App-ID based rule set using Policy Optimizer.

Your firewall can then use your tag-based application filter to dynamically enforce new and updated App-IDs without requiring you to review or update policy rules whenever new applications are added. If you choose to exclude applications from a specific tag, new content updates honor those exclusions. You can also use your own tags to define applications types based on your policy requirements.

Create an Application Filter Using Tags
1. Create an application filter using one or more tags.
  If you select more than one tag, applications must match both tags to be included in the filter.
2. (Optional) Exclude tags from your filter by selecting the check box in the Exclude column.
3. Create a security policy rule and Add your new application filter on the Application tab.
4. Commit your changes.
Create an Application Filter Based on Custom Tags
1. Create a custom tag and apply to App-IDs.
  1. (Optional) Remove tags from an application.
  2. Filter or search for applications, then select the specific applications to remove tags.
  3. Edit Tags and select the tags to remove.
  4. Click OK.
2. Create an application filter using one or more tags.
  If you select more than one tag, applications must match both tags to be included in the filter.
3. Create a security policy rule and Add your new application filter on the Application tab.
4. Commit your changes.

App-ID Overview

App-ID and HTTP/2 Inspection

Next-Generation Firewall Docs

Streamlined App-ID Policy Rules

Next-Generation Firewall Docs

Streamlined App-ID Policy Rules

Activation and Onboarding

Next-Generation Firewalls

SASE

Cloud-Delivered Security Services

Network Security

Endpoints

Visibility & Monitoring

FedRAMP

Hardware Reference

Hardware Quick Start Guides

Virtual ION Deployment

3rd Party Integrations

Best Practices

Experts Corner