You can review the policy impact of new content release
versions that are downloaded to the firewall.
new content release version, and click the
the Action column. The
Policy review based on candidate
dialog allows you to filter by
and view App-IDs introduced in a specific release
(you can also filter the policy impact of new App-IDs according
Select a new App-ID from the
to view policy rules that currently enforce the application. The
rules displayed are based on the applications signatures that match
to the application before the new App-ID is installed (view application
details to see the list of application signatures that an application
Previously Identified As
before the new
Use the detail provided in the policy review to plan
policy rule updates to take effect when the App-ID is installed
and enabled to uniquely identify the application.
You can continue to Prepare Policy Updates for Pending App-IDs, or you can directly add the new App-ID to policy rules that
the application was previously matched to by continuing to use the
policy review dialog.
In the following example, the new App-ID
adobe-cloud is introduced in a content release. Adobe-cloud traffic
is currently identified as SSL and web-browsing traffic. Policy
rules configured to enforce SSL or web-browsing traffic are listed
to show what policy rules will be affected when the new App-ID is
installed. In this example, the rule Allow SSL App currently enforces
SSL traffic. To continue to allow adobe-cloud traffic when it is
uniquely identified, and no longer identified as SSL traffic.
the new App-ID to existing policy
rules, to allow the application traffic to continue to be enforced
according to your existing security requirements when the App-ID
In this example, to continue to allow adobe-cloud
traffic when it is uniquely identified by the new App-ID, and no
longer identified as SSL traffic, add the new App-ID to the security
policy rule Allow SSL App.
rule updates take effect only when the application updates are installed.