Learn how to delete SaaS rule recommendations.
Where Can I Use This?
- NGFW (Managed by Panorama or Strata Cloud Manager)
- Prisma Access (Managed by Panorama or Strata Cloud Manager)

What Do I Need?
- SaaS Security Inline license
- NGFW or Prisma Access license

Or any of the following licenses that include the SaaS Security Inline license:

You can delete any previously enabled recommendations. In doing so, the state of the recommendation changes on the NGFW or Prisma Access from active to removed.

However, for auditing reasons, the inactive recommendation persists in the NGFW web interface or Prisma Access web interface, even after the NGFW administrator or Prisma Access administrator deletes the associated policy rule.

If you’re able to modify the existing recommendation to meet your needs, do so instead of deleting it because your NGFW administrator or Prisma Access administrator must manually delete the policy rule, HIP objects, and HIP Profile associated with the recommendation. The process is manual by design: for security reasons, deleting a policy rule must be intentional.

If you're deleting a tenant-level policy recommendation, there are potential side effects that you must communicate to your NGFW administrator. When a tenant-level policy recommendation is imported on the NGFW, an application group and one or more custom apps are also created. These app objects identify the app tenants and user activities to detect. Deleting the policy on the NGFW does not automatically delete these app objects. Make sure your NGFW administrator understands that these app objects must be manually deleted. If a custom app isn’t deleted, the custom app will match other policy rules on the NGFW. As a result, unexpected actions might be applied to the traffic described in the custom app.
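
One way an NGFW administrator could check for app objects left behind after a tenant-level rule is deleted is sketched below. This is an added example, not Palo Alto Networks code: the XML is a constructed, simplified fragment whose layout is assumed for illustration, and every object, group and rule name in it is hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed, simplified config fragment (assumed layout; not a real export).
SAMPLE_CONFIG = """
<vsys>
  <application>
    <entry name="custom-tenant-upload"/>
    <entry name="custom-tenant-login"/>
    <entry name="custom-inhouse-erp"/>
  </application>
  <application-group>
    <entry name="saas-tenant-group">
      <members>
        <member>custom-tenant-upload</member>
        <member>custom-tenant-login</member>
      </members>
    </entry>
    <entry name="erp-group">
      <members><member>custom-inhouse-erp</member></members>
    </entry>
  </application-group>
  <rulebase><security><rules>
    <entry name="allow-erp">
      <application><member>erp-group</member></application>
    </entry>
  </rules></security></rulebase>
</vsys>
"""

def find_leftover_app_objects(config_xml):
    """Return (groups, custom_apps) that no security rule references."""
    root = ET.fromstring(config_xml)
    custom_apps = {e.get("name") for e in root.findall("./application/entry")}
    groups = {
        g.get("name"): {m.text for m in g.findall("./members/member")}
        for g in root.findall("./application-group/entry")
    }
    # Names used directly in a rule's application list
    referenced = {m.text for m in root.findall(".//rules/entry/application/member")}
    # Expand referenced groups (including nested groups) to the apps they contain
    pending = [n for n in referenced if n in groups]
    while pending:
        for member in groups[pending.pop()]:
            if member not in referenced:
                referenced.add(member)
                if member in groups:
                    pending.append(member)
    return sorted(set(groups) - referenced), sorted(custom_apps - referenced)
```

Objects the function reports are candidates for the manual deletion described above; confirm each one against the deleted recommendation before removing it.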