Disable and Enable App-IDs
You can disable all App-IDs introduced in a content release if you want to immediately benefit from the latest threat prevention, and plan to enable the App-IDs later, and you can disable App-IDs for specific applications.
Policy rules referencing App-IDs only match to and enforce traffic based on enabled App-IDs.
Certain App-IDs cannot be disabled and only allow a status of enabled. App-IDs that cannot be disabled include application signatures that are implicitly used by other App-IDs (such as unknown-tcp). Disabling a base App-ID could cause App-IDs which depend on the base App-ID to also be disabled. For example, disabling facebook-base will disable all other Facebook App-IDs.
- Disable all App-IDs in a content release or for scheduled content updates.While this option allows you to be protected against threats, by giving you the option to enable the App-ID at a later time, Palo Alto Networks recommends that instead of disabling App-IDs on a regular basis, you should instead configure a security policy rule to Temporarily Allow New App-IDs. This rule will always allow the new App-IDs introduced in only the latest content release. Because content updates that include new App-IDs are released only once a month, this gives you time to assess the new App-IDs and adjust your security policy to cover the new App-IDs if needed, all the while ensuring that availability for critical applications is not affected.
- To disable all new App-IDs introduced in a content release, selectandDeviceDynamic UpdatesInstallan Application and Threats content release. When prompted, selectDisable new apps in content update. Select the check box to disable apps and continue installing the content update.
- On thepage, selectDeviceDynamic UpdatesSchedule. Choose toDisable new apps in content updatefor downloads and installations of content releases.
- Disable App-IDs for one application or multiple applications at a single time.
- To quickly disable a single application or multiple applications at the same time, click. Select one or more application check box and clickObjectsApplicationsDisable.
- To review details for a single application, and then disable the App-ID for that application, selectandObjectsApplicationsDisable App-ID. You can use this step to disable both pending App-IDs (where the content release including the App-ID is downloaded to the firewall but not installed) or installed App-IDs.
- Enable App-IDs.Enable App-IDs that you previously disabled by selecting. Select one or more application check box and clickObjectsApplicationsEnableor open the details for a specific application and clickEnable App-ID.
Manage New App-IDs Introduced in Content Releases
Manage New and Modified App-IDs New and modified App-IDs are delivered to the firewall as part of Applications and Threat Content Updates Applications and Threats ...
Ensure Critical New App-IDs are Allowed
Create a security policy rule that allows critical App-IDs (like authentication or software development applications) as they’re installed. This gives you the flexibility to get ...
See the New and Modified App-IDs in a Content Release
See the New and Modified App-IDs in a Content Release For both downloaded and installed content updates, you can see a list of the new ...
Monitor New App-IDs
Get visibility into newly-categorized App-IDs on your network, so that you are best equipped to update your security policy to most effectively control application traffic. ...
Workflow to Best Incorporate New and Modified App-IDs
Workflow to Best Incorporate New and Modified App-IDs Refer to this master workflow to first set up Application and Threat content updates, and then to ...
Maintain the Data Center Best Practice Rulebase
As conditions in your data center change, update the Security policy rulebase accordingly. Modify rules to control new and modified applications, protect new servers and ...
Maintain the Rulebase
Maintain the Rulebase Because applications are always evolving, your application whitelist also needs to evolve. Each time you make a change in what applications you ...
Best Practices for Content Updates—Mission-Critical
Follow these best practices to deploying content updates in a mission-critical network, where application availability is top priority. ...
App-ID To safely enable applications on your network, the Palo Alto Networks next-generation firewalls provide both an application and web perspective—App-ID and URL Filtering—to protect ...