When a SaaS Security administrator pushes
Security policy rule recommendations to a PAN-OS appliance, the
PAN-OS administrator can import those rules to gain visibility into
and control of the applications in the policy recommendation. However,
if the SaaS Security administrator deletes the rule, you should also
delete that rule from the PAN-OS appliance.
When a SaaS Security
administrator deletes a rule, the Active Recommendation column
shows the value removed (for valid rules,
the value is active).