Focus

Ensure Critical New App-IDs are Allowed

Table of Contents

Filter

Expand All | Collapse All

Next-Generation Firewall Docs

Getting Started
Administration
Version
- Cloud Management of NGFWs
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1 & Later
- PAN-OS 9.1 (EoL)
Networking
Version
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1 & Later
Incidents & Alerts
Release Notes
Version
- Cloud Management and AIOps for NGFW
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1
- PAN-OS 11.2
- PAN-OS 8.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 9.1 (EoL)

See How New and Modified App-IDs Impact Your Security Policy

Monitor New App-IDs

Ensure Critical New App-IDs are Allowed

Create a security policy rule that allows critical App-IDs (like authentication or software development applications) as they’re installed. This gives you the flexibility to get the latest threat prevention without worrying about how the accompanying new App-IDs impact security policy enforcement.

New App-IDs can cause a change in policy enforcement for traffic that is newly-identified as belonging to a certain application. To mitigate any impact to security policy enforcement, you can use the New App-ID characteristic in a security policy rule so that the rule always enforces the most recently introduced App-IDs without requiring you to make configuration changes when new App-IDs are installed. The New App-ID characteristic always matches to only the new App-IDs in the most recently installed content releases. When a new content release is installed, the new App-ID characteristic automatically begins to match only to the new App-IDs in that content release version.

You can choose to enforce all new App-IDs, or target the security policy rule to enforce certain types of new App-IDs that might have network-wide or critical impact (for example, enforce only authentication or software development applications). Set the security policy rule to Allow to ensure that even if an App-ID release introduces expanded or more precise coverage for critical applications, the firewall continues to allow them.

New App-IDs are released monthly, so a policy rule that allows the latest App-IDs gives you a month’s time (or, if the firewall is not installing content updates on a schedule, until the next time you manually install content) to assess how newly-categorized applications might impact security policy enforcement and make any necessary adjustments.

Select ObjectsApplication Filters and Add a new application filter.
Define the types of new applications for which you want to ensure constant availability based on subcategory or characteristic. For example, select the category “auth-service” to ensure that any newly-installed applications that are known to perform or support authentication are allowed.
Only after narrowing the types of new applications that you want to allow immediately upon installation, select Apply to New App-IDs only.
Select PoliciesSecurity and add or edit a security policy rule that is configured to allow matching traffic.
Select Application and add the new Application Filter to the policy rule as match criteria.
Click OK and Commit to save your changes.
To continue to adjust your security policy to account for any changes to enforcement that new App-IDs introduce:
- Monitor New App-IDs—Monitor and get reports on new App-ID activity.
- See the New and Modified App-IDs in a Content Release—See how the newly-installed App-IDs impact your existing security policy rules.

See How New and Modified App-IDs Impact Your Security Policy

Monitor New App-IDs

Next-Generation Firewall Docs

Ensure Critical New App-IDs are Allowed

Next-Generation Firewall Docs

Ensure Critical New App-IDs are Allowed

Activation & Onboarding

Next-Generation Firewalls

Cloud-Delivered Security Services

Network Security

Visibility & Monitoring

Best Practices

Experts Corner