Remove Deleted SaaS Policy Recommendation

When a SaaS Security administrator pushes Security policy rule recommendations to a PAN-OS appliance, the PAN-OS administrator can import those rules to gain visibility into and control of the applications in the policy recommendation. However, if the SaaS Security administrator deletes the rule, you should also delete that rule from the PAN-OS appliance.
When a SaaS Security administrator deletes a rule, the
Active Recommendation
column shows the value
removed
(for valid rules, the value is
active
).
  1. Select a rule that the SaaS Security administrator
    removed
    (you can select only one rule to remove at a time).
    The
    Import Policy Rule
    option is grayed out because the rule can no longer be imported.
  2. Click
    Remove Recommendation Mapping
    .
    This removes local mapping of the Security policy rule on the firewall. For example, mappings to locations, users, and the rule are deleted. The
    Remove Recommendation Mapping
    dialog box shows you the location of the rule so that you know from where the rule is removed.
  3. Click
    OK
    .
  4. In the
    Confirm Change
    dialog, click
    Yes
    to remove the rule from the policy recommendation database.
    This action only removes the rule from the policy recommendation rule list. It does NOT remove the rule from the Security policy rulebase. You must manually remove the rule from the rulebase.
  5. A
    Status
    dialog appears to confirm that the policy recommendation mapping has been removed, but you still need to remove the rule from the Security policy rulebase.
  6. Go to
    Policies
    Security
    and delete the rule from the Security policy rulebase.

Recommended For You