New and modified App-IDs are delivered to the firewall as part of Applications and Threat Content Updates. While new and modified App-IDs enable the firewall to enforce your security policy with ever-increasing precision, changes in security policy enforcement that can occur when a content update release is installed can impact application availability. For this reason, you will need to think about how to best deploy content updates so that you can get the latest threat prevention as it’s made available, and adjust your security policy to best leverage new and modified App-IDs.

To aid in managing new and modified App-IDs you can take advantage of application tags provided in the content updates. These tags group applications with common attributes so you can use a single policy to manage applications without requiring you to review or update policy whenever new applications are added. Use the following procedures to use application tags:

For applications not tagged, the following options enable you to assess the impact of new App-IDs on existing policy enforcement, disable (and enable) App-IDs, and seamlessly update policy rules to secure and enforce newly-identified applications: