App-ID Features
Focus
Focus

App-ID Features

Table of Contents

App-ID Features

What new App-ID features are in PAN-OS 11.2?
The following section describes new App-ID features introduced in PAN-OS 11.2.

Additional HTTP Header Logging for More Tenant-Level Detection

July 2024
  • Introduced in PAN-OS 11.2.1.
For certain discovered applications, SaaS Security Inline can detect the specific application tenants that users are accessing. SaaS Security Inline displays these tenant details, and you can submit policy rule recommendations at the tenant level. This tenant-level detection and control is available only for select applications.
To support tenant-level detection and control for more applications, PAN-OS 11.2.1 introduces a new setting to enable additional HTTP header logging. When additional HTTP header logging is enabled, the firewall logs more information about the applications to Strata Logging Service. This additional information enables SaaS Security Inline to detect the individual application tenants for the following applications:
  • Microsoft Outlook
  • Microsoft OneNote
  • Dropbox
  • MS Powerapps
  • Microsoft Teams
  • Windows Azure
Because SaaS Security Inline is the only consumer of this information, and because you might not require tenant-level policies for these applications, the additional header logging is disabled by default. To enable the additional HTTP header logging on the firewall:
  1. Select DEVICESetupACE.
  2. Under SaaS Inline Settings, Enable Additional HTTP Header Logging.
Within 24 hours after the additional logs are available in Strata Logging Service, SaaS Security Inline will be able to detect the individual tenants for the applications, and you will be able to submit tenant-level policy recommendations in SaaS Security Inline for the applications.

Explicit Proxy Support for Advanced Services

September 2024
  • Introduced in PAN-OS 11.2.3.
Palo Alto Networks now provides support for Advanced cloud-based features (including, but not limited to Precision AI™ optimized features such as Advanced WildFire: Inline Cloud Analysis, Advanced Threat Prevention: Inline Cloud Analysis, Inline Deep Learning Analysis for Advanced URL Filtering; as well as App-ID Cloud Engine, and Enterprise DLP) when using an explicit proxy as part of a customer's network security infrastructure. Previously, access to various components of advanced security subscriptions required direct internet connectivity, preventing users from maximizing the feature set of their advanced cloud services when internet traffic is handled by an explicit proxy server, which could leave them vulnerable to certain security threats. When Explicit Proxy Support for Advanced Services is enabled, the firewall initiates and completes a proxy handshake and authentication procedures to establish connection to the specified proxy server, which subsequently forwards traffic to the Palo Alto Networks Advanced cloud service servers via the proxy.
For more information about enabling explicit proxy support for advanced services, refer to the configuration documentation for enabling the specific advanced subscription service.