Disable and Enable App-IDs
You can disable all App-IDs introduced in a content release if you want to immediately benefit from the latest threat prevention, and plan to enable the App-IDs later, and you can disable App-IDs for specific applications.
Policy rules referencing App-IDs only match to and enforce traffic based on enabled App-IDs.
Certain App-IDs cannot be disabled and only allow a status of enabled. App-IDs that cannot be disabled include application signatures that are implicitly used by other App-IDs (such as unknown-tcp). Disabling a base App-ID could cause App-IDs which depend on the base App-ID to also be disabled. For example, disabling facebook-base will disable all other Facebook App-IDs.
- Disable all App-IDs in a content release
or for scheduled content updates.While this option allows you to be protected against threats, by giving you the option to enable the App-ID at a later time, Palo Alto Networks recommends that instead of disabling App-IDs on a regular basis, you should instead configure a security policy rule to Temporarily Allow New App-IDs. This rule will always allow the new App-IDs introduced in only the latest content release. Because content updates that include new App-IDs are released only once a month, this gives you time to assess the new App-IDs and adjust your security policy to cover the new App-IDs if needed, all the while ensuring that availability for critical applications is not affected.
- To disable all new App-IDs introduced in a content release, select DeviceDynamic Updates and Install an Application and Threats content release. When prompted, select Disable new apps in content update. Select the check box to disable apps and continue installing the content update.
- On the DeviceDynamic Updates page, select Schedule. Choose to Disable new apps in content update for downloads and installations of content releases.
- Disable App-IDs for one application or multiple applications
at a single time.
- To quickly disable a single application or multiple applications at the same time, click ObjectsApplications. Select one or more application check box and click Disable.
- To review details for a single application, and then disable the App-ID for that application, select ObjectsApplications and Disable App-ID. You can use this step to disable both pending App-IDs (where the content release including the App-ID is downloaded to the firewall but not installed) or installed App-IDs.
- Enable App-IDs.Enable App-IDs that you previously disabled by selecting ObjectsApplications. Select one or more application check box and click Enable or open the details for a specific application and click Enable App-ID.
Manage New App-IDs Introduced in Content Releases
Manage New and Modified App-IDs New and modified App-IDs are delivered to the firewall as part of Applications and Threat Content Updates Applications and Threats ...
Ensure Critical New App-IDs are Allowed
Create a security policy rule that allows critical App-IDs (like authentication or software development applications) as they’re installed. This gives you the flexibility to get ...
See the New and Modified App-IDs in a Content Release
See the New and Modified App-IDs in a Content Release For both downloaded and installed content updates, you can see a list of the new ...
Monitor New App-IDs
Get visibility into newly-categorized App-IDs on your network, so that you are best equipped to update your security policy to most effectively control application traffic. ...
New App-ID Characteristic
New App-ID Characteristic The New App-ID characteristic is now found throughout the firewall web interface; in several different contexts, it enables you to filter for ...
Workflow to Best Incorporate New and Modified App-IDs
Workflow to Best Incorporate New and Modified App-IDs Refer to this master workflow to first set up Application and Threat content updates, and then to ...
Maintain the Data Center Best Practice Rulebase
As conditions in your data center change, update the Security policy rulebase accordingly. Modify rules to control new and modified applications, protect new servers and ...
Ensure Critical New App-IDs are Allowed
Ensure Critical New App-IDs are Allowed New App-IDs can cause a change in policy enforcement for traffic that is newly-identified as belonging to a certain ...
Maintain the Rulebase
Maintain the Rulebase Because applications are always evolving, your application whitelist also needs to evolve. Each time you make a change in what applications you ...