End-of-Life (EoL)

Ensure Critical New App-IDs are Allowed

New App-IDs can cause a change in policy enforcement for traffic that is newly-identified as belonging to a certain application. You can now add the predefined
New App-ID
application filter to a security policy rule in order to use only new App-IDs as match criteria for the rule. You can choose to enforce all new App-IDs, or target the security policy rule to enforce certain types of new App-IDs (for example, enforce only authentication or software development applications). Set the security policy rule to
to ensure that even if an App-ID release introduces expanded or more precise coverage for critical applications, the firewall continues to allow them. New App-IDs are released on the third Tuesday of every month, and the application filter provides coverage for only those applications in the latest release. This gives you a month’s time (or, if the firewall is not installing content updates on a schedule, until the next time you manually install content) to assess how newly-categorized applications might impact security policy enforcement and make any necessary adjustments.
  1. Select
    Application Filters
    a new application filter.
  2. Define the types of new applications for which you want to ensure constant availability based on subcategory or characteristic. For example, select the category “auth-service” to ensure that any newly-installed applications that are known to perform or support authentication are allowed.
  3. Only after narrowing the types of new applications that you want to allow immediately upon installation, select
    Apply to New App-IDs only
  4. Select
    and add or edit a security policy rule that is configured to allow matching traffic.
  5. Select
    and add the new
    Application Filter
    to the policy rule as match criteria.
  6. Click
    to save your changes.
  7. To continue to adjust your security policy to account for any changes to enforcement that new App-IDs introduce:

Recommended For You