Learn how to delete SaaS rule recommendations.
Where Can I Use This?
- NGFW (Managed by Panorama or Strata Cloud Manager)
- Prisma Access (Managed by Panorama or Strata Cloud Manager)

What Do I Need?
- SaaS Security Inline license
- NGFW or Prisma Access license

Or any of the following licenses that include the SaaS Security Inline license:

You can delete any previously enabled recommendations. In doing so, the state of the recommendation changes on the NGFW or Prisma Access from active to removed.

However, for auditing reasons, the inactive recommendation persists in the NGFW web interface or Prisma Access web interface, even after the NGFW administrator or Prisma Access administrator deletes the associated policy rule.

If you’re able to modify the existing recommendation to meet your needs, do so instead of deleting it because your NGFW administrator or Prisma Access administrator must manually delete the policy rule, HIP objects, and HIP Profile associated with the recommendation. The process is manual by design: for security reasons, deleting a policy rule must be intentional.

If you're deleting a tenant-level policy recommendation, there are potential side effects that you must communicate to your NGFW administrator. When a tenant-level policy recommendation is imported on the NGFW, an application group and one or more custom apps are also created. These app objects identify the app tenants and user activities to detect. Deleting the policy on the NGFW does not automatically delete these app objects. Make sure your NGFW administrator understands that these app objects must be manually deleted. If a custom app isn’t deleted, the custom app will match other policy rules on the NGFW. As a result, unexpected actions might be applied to the traffic described in the custom app.
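
The following added example (not Palo Alto Networks code) shows one way an NGFW administrator could list application groups and custom apps that no security rule references any more, as candidates for the manual cleanup described above. The XML layout is a simplified assumption about an exported configuration, and all object and rule names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample; element layout is a simplified assumption, names are hypothetical.
SAMPLE_CONFIG = """<config><vsys><entry name="vsys1">
  <application>
    <entry name="custom-tenant-app-a"/>
    <entry name="custom-tenant-app-b"/>
    <entry name="custom-inhouse-app"/>
  </application>
  <application-group>
    <entry name="tenant-rec-group"><members>
      <member>custom-tenant-app-a</member>
      <member>custom-tenant-app-b</member>
    </members></entry>
  </application-group>
  <rulebase><security><rules>
    <entry name="allow-inhouse">
      <application><member>custom-inhouse-app</member></application>
    </entry>
  </rules></security></rulebase>
</entry></vsys></config>"""


def find_leftover_app_objects(config_xml):
    """Return (groups, custom_apps) that no security rule references any more."""
    leftover_groups, leftover_apps = [], []
    for vsys in ET.fromstring(config_xml).findall("./vsys/entry"):
        apps = {e.get("name") for e in vsys.findall("./application/entry")}
        groups = {g.get("name"): {m.text for m in g.findall("./members/member")}
                  for g in vsys.findall("./application-group/entry")}
        used = {m.text for m in
                vsys.findall("./rulebase/security/rules/entry/application/member")}
        # A referenced group keeps its members (and nested groups) in use.
        changed = True
        while changed:
            changed = False
            for name, members in groups.items():
                if name in used and not members <= used:
                    used |= members
                    changed = True
        leftover_groups += sorted(set(groups) - used)
        leftover_apps += sorted(apps - used)
    return leftover_groups, leftover_apps


if __name__ == "__main__":
    groups, apps = find_leftover_app_objects(SAMPLE_CONFIG)
    print("application groups to review:", groups)
    print("custom apps to review:", apps)
```

The output is a review list only; deletion stays a deliberate manual step on the NGFW.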