Focus

Next-Generation Firewall

Disable and Enable App-IDs

Table of Contents

Filter

Expand All | Collapse All

Next-Generation Firewall Docs

Getting Started
Administration
Networking
Quick Start
Reference
Incidents & Alerts
Release Notes
Select a Document
- PAN-OS 12.1
- PAN-OS 11.2
- PAN-OS 11.1
- PAN-OS 11.0 (EoL)
- PAN-OS 10.2
- PAN-OS 10.1 (EoL)
- PAN-OS 10.0 (EoL)
- PAN-OS 9.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 8.1 (EoL)
Help
Select a Document
- PAN-OS 12.1
- PAN-OS 11.2
- PAN-OS 11.1
- PAN-OS 10.2
- PAN-OS 10.1

Monitor New App-IDs

Enable and Monitor App-ID TSIDs

Disable and Enable App-IDs

Policy rules only enforce based on matching App-IDs. Some App-IDs can't be disabled, and disabling base App-IDs affects dependent ones.

Where Can I Use This?	What Do I Need?
Prisma Access Next-Generation Firewall	This is a core Network Security feature for NGFWs and Prisma Access; no prerequisites needed.

You can disable all App-IDs introduced in a content release if you want to immediately benefit from the latest threat prevention, and plan to enable the App-IDs later, and you can disable App-IDs for specific applications.

Policy rules referencing App-IDs only match to and enforce traffic based on enabled App-IDs.

Certain App-IDs cannot be disabled and only allow a status of enabled. App-IDs that cannot be disabled include application signatures that are implicitly used by other App-IDs (such as unknown-tcp). Disabling a base App-ID could cause App-IDs which depend on the base App-ID to also be disabled. For example, disabling facebook-base will disable all other Facebook App-IDs.

Disable all App-IDs in a content release or for scheduled content updates.
While this option allows you to be protected against threats, by giving you the option to enable the App-ID at a later time, Palo Alto Networks recommends that instead of disabling App-IDs on a regular basis, you should instead configure a security policy rule to Temporarily Allow New App-IDs. This rule will always allow the new App-IDs introduced in only the latest content release. Because content updates that include new App-IDs are released only once a month, this gives you time to assess the new App-IDs and adjust your security policy to cover the new App-IDs if needed, all the while ensuring that availability for critical applications is not affected.
- To disable all new App-IDs introduced in a content release, select DeviceDynamic Updates and Install an Application and Threats content release. When prompted, select Disable new apps in content update. Select the check box to disable apps and continue installing the content update.
- On the DeviceDynamic Updates page, select Schedule. Choose to Disable new apps in content update for downloads and installations of content releases.
Disable App-IDs for one application or multiple applications at a single time.
- To quickly disable a single application or multiple applications at the same time, click ObjectsApplications. Select one or more application check box and click Disable.
- To review details for a single application, and then disable the App-ID for that application, select ObjectsApplications and Disable App-ID. You can use this step to disable both pending App-IDs (where the content release including the App-ID is downloaded to the firewall but not installed) or installed App-IDs.
Enable App-IDs.
Enable App-IDs that you previously disabled by selecting ObjectsApplications. Select one or more application check box and click Enable or open the details for a specific application and click Enable App-ID.

Monitor New App-IDs

Enable and Monitor App-ID TSIDs

Next-Generation Firewall Docs

Disable and Enable App-IDs

Next-Generation Firewall Docs

Disable and Enable App-IDs

Activation and Onboarding

Next-Generation Firewalls

SASE

Cloud-Delivered Security Services

Network Security

Endpoints

Visibility & Monitoring

FedRAMP

Hardware Reference

Hardware Quick Start Guides

Virtual ION Deployment

3rd Party Integrations

Best Practices

Experts Corner