Ensure Critical New App-IDs are Allowed
Create a security policy rule that allows critical App-IDs (like authentication or software development applications) as they’re installed. This gives you the flexibility to get the latest threat prevention without worrying about how the accompanying new App-IDs impact security policy enforcement.
New App-IDs can cause a change in policy enforcement for traffic that is newly-identified as belonging to a certain application. To mitigate any impact to security policy enforcement, you can use the
New App-IDcharacteristic in a security policy rule so that the rule always enforces the most recently introduced App-IDs without requiring you to make configuration changes when new App-IDs are installed. The New App-ID characteristic always matches to only the new App-IDs in the most recently installed content releases. When a new content release is installed, the new App-ID characteristic automatically begins to match only to the new App-IDs in that content release version.
You can choose to enforce all new App-IDs, or target the security policy rule to enforce certain types of new App-IDs that might have network-wide or critical impact (for example, enforce only authentication or software development applications). Set the security policy rule to
Allowto ensure that even if an App-ID release introduces expanded or more precise coverage for critical applications, the firewall continues to allow them.
New App-IDs are released monthly, so a policy rule that allows the latest App-IDs gives you a month’s time (or, if the firewall is not installing content updates on a schedule, until the next time you manually install content) to assess how newly-categorized applications might impact security policy enforcement and make any necessary adjustments.
- SelectandObjectsApplication FiltersAdda new application filter.
- Define the types of new applications for which you want to ensure constant availability based on subcategory or characteristic. For example, select the category “auth-service” to ensure that any newly-installed applications that are known to perform or support authentication are allowed.
- Only after narrowing the types of new applications that you want to allow immediately upon installation, selectApply to New App-IDs only.
- Selectand add or edit a security policy rule that is configured to allow matching traffic.PoliciesSecurity
- SelectApplicationand add the newApplication Filterto the policy rule as match criteria.
- ClickOKandCommitto save your changes.
- To continue to adjust your security policy to account for any changes to enforcement that new App-IDs introduce:
- Monitor New App-IDs—Monitor and get reports on new App-ID activity.