Manage New and Modified App-IDs
New and modified App-IDs are delivered to the firewall
as part of
Applications
and Threat Content Updates. While new and modified App-IDs
enable the firewall to enforce your security policy with ever-increasing precision,
changes in security policy enforcement that can occur when a content update
release is installed can impact application availability. For this
reason, you will need to think about how to best deploy content
updates so that you can get the latest threat prevention as it’s
made available, and adjust your security policy to best leverage
new and modified App-IDs.
To aid in managing new and modified App-IDs you can take advantage
of application tags provided in the content updates. These tags
group applications with common attributes so you can use a single
policy to manage applications without requiring you to review or
update policy whenever new applications are added. Use the following
procedures to use application tags:
For applications not tagged, the following options enable you
to assess the impact of new App-IDs on existing policy enforcement,
disable (and enable) App-IDs, and seamlessly update policy rules
to secure and enforce newly-identified applications: