You can review the policy impact of new content release
versions that are downloaded to the firewall.
new content release version, and click the
the Action column. The
Policy review based on candidate
dialog allows you to filter by
and view App-IDs introduced in a specific release
(you can also filter the policy impact of new App-IDs according
Select a new App-ID from the
to view policy rules that currently enforce the application. The
rules displayed are based on the applications signatures that match
to the application before the new App-ID is installed (view application
details to see the list of application signatures that an application
Previously Identified As
before the new
Use the detail provided in the policy review to plan
policy rule updates to take effect when the App-ID is installed
and enabled to uniquely identify the application.
You can continue to Prepare Policy Updates for Pending App-IDs,
or you can directly add the new App-ID to policy rules that the
application was previously matched to by continuing to use the policy
In the following example, the new App-ID adobe-cloud
is introduced in a content release. Adobe-cloud traffic is currently
identified as SSL and web-browsing traffic. Policy rules configured
to enforce SSL or web-browsing traffic are listed to show what policy
rules will be affected when the new App-ID is installed. In this
example, the rule Allow SSL App currently enforces SSL traffic.
To continue to allow adobe-cloud traffic when it is uniquely identified,
and no longer identified as SSL traffic.
the new App-ID to existing policy rules, to
allow the application traffic to continue to be enforced according
to your existing security requirements when the App-ID is installed.
this example, to continue to allow adobe-cloud traffic when it is
uniquely identified by the new App-ID, and no longer identified
as SSL traffic, add the new App-ID to the security policy rule Allow
policy rule updates take effect only when the application updates