End-of-Life (EoL)

Review New App-ID Impact on Existing Policy Rules

  1. Select
    Dynamic Updates
  2. You can review the policy impact of new content release versions that are downloaded to the firewall.
    a new content release version, and click the
    Review Policies
    in the Action column. The
    Policy review based on candidate configuration
    dialog allows you to filter by
    Content Version
    and view App-IDs introduced in a specific release (you can also filter the policy impact of new App-IDs according to
    Virtual System
  3. Select a new App-ID from the
    drop-down to view policy rules that currently enforce the application. The rules displayed are based on the applications signatures that match to the application before the new App-ID is installed (view application details to see the list of application signatures that an application was
    Previously Identified As
    before the new App-ID).
  4. Use the detail provided in the policy review to plan policy rule updates to take effect when the App-ID is installed and enabled to uniquely identify the application.
    You can continue to Prepare Policy Updates for Pending App-IDs, or you can directly add the new App-ID to policy rules that the application was previously matched to by continuing to use the policy review dialog.
    In the following example, the new App-ID adobe-cloud is introduced in a content release. Adobe-cloud traffic is currently identified as SSL and web-browsing traffic. Policy rules configured to enforce SSL or web-browsing traffic are listed to show what policy rules will be affected when the new App-ID is installed. In this example, the rule Allow SSL App currently enforces SSL traffic. To continue to allow adobe-cloud traffic when it is uniquely identified, and no longer identified as SSL traffic.
    Add the new App-ID to existing policy rules, to allow the application traffic to continue to be enforced according to your existing security requirements when the App-ID is installed.
    In this example, to continue to allow adobe-cloud traffic when it is uniquely identified by the new App-ID, and no longer identified as SSL traffic, add the new App-ID to the security policy rule Allow SSL App.
    The policy rule updates take effect only when the application updates are installed.
    Next Steps...

Recommended For You