Create an Application Filter
Table of Contents
Expand All
|
Collapse All
Next-Generation Firewall Docs
-
-
- Cloud Management of NGFWs
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1 & Later
- PAN-OS 9.1 (EoL)
-
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1 & Later
-
-
-
- Cloud Management and AIOps for NGFW
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1
- PAN-OS 11.2
- PAN-OS 8.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 9.1 (EoL)
Create an Application Filter
An application filter is an object that dynamically
groups applications based on application attributes that you define,
including category, subcategory, technology, risk factor, and characteristic.
This is useful when you want to safely enable access to applications
that you do not explicitly sanction, but that you want users to
be able to access. For example, you may want to enable employees
to choose their own office programs (such as Evernote, Google Docs,
or Microsoft Office 365) for business use. To safely enable these
types of applications, you could create an application filter that
matches on the Category business-systems and
the Subcategory office-programs. As new applications
office programs emerge and new App-IDs get created, these new applications
will automatically match the filter you defined; you will not have
to make any additional changes to your policy rulebase to safely
enable any application that matches the attributes you defined for
the filter.
- Select ObjectsApplication Filters.Add a filter and give it a descriptive Name.(Optional) Select Shared to create the object in a shared location for access as a shared object in Panorama or for use across all virtual systems in a multiple virtual system firewall.Define the filter by selecting attribute values from the Category, Subcategory, Technology, Risk, Characteristic, and Tags sections. (Tags can streamline Security policy rule creation and maintenance). As you select values, notice that the list of matching applications at the bottom of the dialog narrows. When you have adjusted the filter attributes to match the types of applications you want to safely enable, click OK.Commit the configuration.