https://live.paloaltonetworks.com/t5/next-generation-firewall/deepseek-restriction/m-p/1227244#M5821 <P>I've noticed when trying to just use the appIDs, any web traffic not able to be identified ("incomplete", "insufficient-data") will hit the policy even though the appID doesn't technically match the policy. My other thought was just to allow the unidentified traffic on 80/443 in a policy just before the deepseek policy but that is not an option (I was thinking after the session got established, it would then start hitting the deny).</P> <P>&nbsp;</P> <P>I know the new deepseek appIDs have been out for a while but is it still best practice to use those appIDs in conjunction with URL filtering?</P> Wed, 23 Apr 2025 15:19:38 GMT LBSalvat 2025-04-23T15:19:38Z https://live.paloaltonetworks.com/t5/next-generation-firewall/deepseek-restriction/m-p/1227244#M5821 <P>I've noticed when trying to just use the appIDs, any web traffic not able to be identified ("incomplete", "insufficient-data") will hit the policy even though the appID doesn't technically match the policy. My other thought was just to allow the unidentified traffic on 80/443 in a policy just before the deepseek policy but that is not an option (I was thinking after the session got established, it would then start hitting the deny).</P> <P>&nbsp;</P> <P>I know the new deepseek appIDs have been out for a while but is it still best practice to use those appIDs in conjunction with URL filtering?</P> Wed, 23 Apr 2025 15:19:38 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/deepseek-restriction/m-p/1227244#M5821 LBSalvat 2025-04-23T15:19:38Z