Disable and Enable App-IDs

You can disable all App-IDs introduced in a content release if you want to benefit immediately from the latest threat prevention and plan to enable the App-IDs later. You can also disable App-IDs for specific applications.
Policy rules that reference App-IDs match and enforce traffic based only on enabled App-IDs.
Certain App-IDs cannot be disabled and only allow a status of enabled. App-IDs that cannot be disabled include application signatures that are implicitly used by other App-IDs (such as unknown-tcp). Disabling a base App-ID could cause App-IDs that depend on the base App-ID to also be disabled. For example, disabling facebook-base will disable all other Facebook App-IDs.
  • Disable all App-IDs in a content release or for scheduled content updates.
    While this option keeps you protected against threats and lets you enable the App-IDs at a later time, Palo Alto Networks recommends that, instead of disabling App-IDs on a regular basis, you configure a security policy rule to Temporarily Allow New App-IDs. This rule will always allow the new App-IDs introduced in only the latest content release. Because content updates that include new App-IDs are released only once a month, this gives you time to assess the new App-IDs and adjust your security policy to cover them if needed, while ensuring that availability for critical applications is not affected.
    • To disable all new App-IDs introduced in a content release, select Device > Dynamic Updates and Install an Application and Threats content release. When prompted, select Disable new apps in content update. Select the check box to disable apps and continue installing the content update.
    • On the Device > Dynamic Updates page, select Schedule. Choose to Disable new apps in content update for downloads and installations of content releases.
  • Disable App-IDs for one application or multiple applications at a single time.
    • To quickly disable a single application or multiple applications at the same time, click Objects > Applications. Select one or more application check boxes and click Disable.
    • To review details for a single application, and then disable the App-ID for that application, select Objects > Applications and Disable App-ID. You can use this step to disable either pending App-IDs (where the content release including the App-ID is downloaded to the firewall but not installed) or installed App-IDs.
  • Enable App-IDs.
    Enable App-IDs that you previously disabled by selecting Objects > Applications. Select one or more application check boxes and click Enable, or open the details for a specific application and click Enable App-ID.
