Focus

Next-Generation Firewall

Remove Deleted SaaS Policy Recommendation

Table of Contents

Filter

Expand All | Collapse All

Next-Generation Firewall Docs

Getting Started
Administration
Networking
Quick Start
Reference
Incidents & Alerts
Release Notes
Select a Document
- PAN-OS 12.1
- PAN-OS 11.2
- PAN-OS 11.1
- PAN-OS 11.0 (EoL)
- PAN-OS 10.2
- PAN-OS 10.1 (EoL)
- PAN-OS 10.0 (EoL)
- PAN-OS 9.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 8.1 (EoL)
Help
Select a Document
- PAN-OS 12.1
- PAN-OS 11.2
- PAN-OS 11.1
- PAN-OS 10.2
- PAN-OS 10.1

Import Updated SaaS Policy Recommendation

Application Level Gateways

Remove Deleted SaaS Policy Recommendation

Policy recommendations from SaaS Security can be imported by to NGFWs manage applications, but corresponding rules should also be deleted from NGFWs when removed in SaaS Security.

Where Can I Use This?	What Do I Need?
Prisma Access Next-Generation Firewall	This is a core Network Security feature for NGFWs and Prisma Access; no prerequisites needed.

When a SaaS Security administrator pushes Security policy rule recommendations to a PAN-OS appliance, the PAN-OS administrator can import those rules to gain visibility into and control of the applications in the policy recommendation. However, if the SaaS Security administrator deletes the rule, you should also delete that rule from the PAN-OS appliance.

When a SaaS Security administrator deletes a rule, the Active Recommendation column shows the value removed (for valid rules, the value is active).

Select a rule that the SaaS Security administrator removed (you can select only one rule to remove at a time).

The Import Policy Rule option is grayed out because the rule can no longer be imported.
Click Remove Recommendation Mapping.
This removes local mapping of the Security policy rule on the firewall. For example, mappings to locations, users, and the rule are deleted. The Remove Recommendation Mapping dialog box shows you the location of the rule so that you know from where the rule is removed.
Click OK.
In the Confirm Change dialog, click Yes to remove the rule from the policy recommendation database.

This action only removes the rule from the policy recommendation rule list. It does NOT remove the rule from the Security policy rulebase. You must manually remove the rule from the rulebase.
A Status dialog appears to confirm that the policy recommendation mapping has been removed, but you still need to remove the rule from the Security policy rulebase.
Go to PoliciesSecurity and delete the rule from the Security policy rulebase.

Import Updated SaaS Policy Recommendation

Application Level Gateways

Next-Generation Firewall Docs

Remove Deleted SaaS Policy Recommendation

Next-Generation Firewall Docs

Remove Deleted SaaS Policy Recommendation

Activation and Onboarding

Next-Generation Firewalls

SASE

Cloud-Delivered Security Services

Network Security

Endpoints

Visibility & Monitoring

FedRAMP

Hardware Reference

Hardware Quick Start Guides

Virtual ION Deployment

3rd Party Integrations

Best Practices

Experts Corner