Network Security
Create an Application Filter (PAN-OS & Panorama)
Table of Contents
Create an Application Filter (PAN-OS & Panorama)
Use application filters to dynamically group applications based on application
attributes that you define.
An application filter is an object that dynamically groups applications based on
application attributes that you define, including category, subcategory, technology,
risk factor, and characteristic. This is useful when you want to safely enable
access to applications that you do not explicitly sanction, but that you want users
to be able to access. For example, you may want to enable employees to choose their
own office programs (such as Evernote, Google Docs, or Microsoft Office 365) for
business use. To safely enable these types of applications, you could create an
application filter that matches on the Category
business-systems and the Subcategory
office-programs. As new applications office programs
emerge and new App-IDs get created, these new applications will automatically match
the filter you defined; you will not have to make any additional changes to your
policy rulebase to safely enable any application that matches the attributes you
defined for the filter.
- Select .Add a filter and give it a descriptive Name.(Optional) Select Shared to create the object in a shared location for access as a shared object in Panorama or for use across all virtual systems in a multiple virtual system firewall.Define the filter by selecting attribute values from the Category, Subcategory, Technology, Risk, Characteristic, and Tags sections. (Tags can streamline Security rule creation and maintenance). As you select values, notice that the list of matching applications at the bottom of the dialog narrows. When you have adjusted the filter attributes to match the types of applications you want to safely enable, click OK.
![]()
Commit the configuration.
