Safely enable a broad set of applications with common attributes using a single policy rule (for example, give your users broad access to web-based applications or safely enable all enterprise VoIP applications). Palo Alto Networks takes on the task of researching applications with common attributes and delivers this through tags in dynamic content updates. This:

Your firewall can then use your tag-based application filter to dynamically enforce new and updated App-IDs without requiring you to review or update policy rules whenever new applications are added. If you choose to exclude applications from a specific tag, new content updates honor those exclusions. You can also use your own tags to define applications types based on your policy requirements.