You can disable all App-IDs introduced in
a content release if you want to immediately benefit from the latest
threat prevention, and plan to enable the App-IDs later, and you
can disable App-IDs for specific applications.
referencing App-IDs only match to and enforce traffic based on enabled
Certain App-IDs cannot be disabled and only allow
a status of enabled. App-IDs that cannot be disabled include application
signatures that are implicitly used by other App-IDs (such as unknown-tcp).
Disabling a base App-ID could cause App-IDs which depend on the
base App-ID to also be disabled. For example, disabling facebook-base
will disable all other Facebook App-IDs.
Disable all App-IDs in a content release
or for scheduled content updates.
While this option allows you to be protected against threats, by
giving you the option to enable the App-ID at a later time, Palo
Alto Networks recommends that instead of disabling App-IDs on a
regular basis, you should instead configure a security policy rule
Allow New App-IDs. This rule will always allow the new App-IDs introduced
in only the latest content release. Because content updates that include
new App-IDs are released only once a month, this gives you time
to assess the new App-IDs and adjust your security policy to cover
the new App-IDs if needed, all the while ensuring that availability
for critical applications is not affected.
all new App-IDs introduced in a content release, select
Application and Threats content release. When prompted, select
apps in content update
. Select the check box to disable
apps and continue installing the content update.
. Choose to
new apps in content update
for downloads and installations
of content releases.
Disable App-IDs for one application or multiple applications
at a single time.
To quickly disable a single application or multiple
applications at the same time, click
. Select one or
more application check box and click
To review details for a single application, and then disable the
App-ID for that application, select
. You can use this step to disable both pending
App-IDs (where the content release including the App-ID is downloaded
to the firewall but not installed) or installed App-IDs.
Enable App-IDs that you previously disabled by selecting
Select one or more application check box and click
open the details for a specific application and click