Review New App-ID Impact on Existing Policy Rules

  1. Select DeviceDynamic Updates.
  2. You can review the policy impact of new content release versions that are downloaded to the firewall. Download a new content release version, and click the Review Policies in the Action column. The Policy review based on candidate configuration dialog allows you to filter by Content Version and view App-IDs introduced in a specific release (you can also filter the policy impact of new App-IDs according to Rulebase and Virtual System).
  3. Select a new App-ID from the Application drop-down to view policy rules that currently enforce the application. The rules displayed are based on the applications signatures that match to the application before the new App-ID is installed (view application details to see the list of application signatures that an application was Previously Identified As before the new App-ID).
  4. Use the detail provided in the policy review to plan policy rule updates to take effect when the App-ID is installed and enabled to uniquely identify the application.
    You can continue to Prepare Policy Updates for Pending App-IDs, or you can directly add the new App-ID to policy rules that the application was previously matched to by continuing to use the policy review dialog.
    In the following example, the new App-ID adobe-cloud is introduced in a content release. Adobe-cloud traffic is currently identified as SSL and web-browsing traffic. Policy rules configured to enforce SSL or web-browsing traffic are listed to show what policy rules will be affected when the new App-ID is installed. In this example, the rule Allow SSL App currently enforces SSL traffic. To continue to allow adobe-cloud traffic when it is uniquely identified, and no longer identified as SSL traffic.
    policy-review-1.png
    Add add_icon.png the new App-ID to existing policy rules, to allow the application traffic to continue to be enforced according to your existing security requirements when the App-ID is installed.
    In this example, to continue to allow adobe-cloud traffic when it is uniquely identified by the new App-ID, and no longer identified as SSL traffic, add the new App-ID to the security policy rule Allow SSL App.
    policy-review-2.png
    The policy rule updates take effect only when the application updates are installed.
  5. Next steps:

Related Documentation