https://live.paloaltonetworks.com/t5/general-topics/looking-for-advice-on-app-id-configuration/m-p/20834#M15214 <HTML><HEAD></HEAD><BODY><P>Looking through the white papers and documentation, I didn't really find much as to a recommendation on how to tackle the task of app-id configuration as a whole. Have any of you found any documentation that was helpful in this area? <SPAN style="font-size: 10pt; line-height: 1.5em;">One approach I was considering was running a report to identify the most widely used applications within our organization and initially focusing on those that need to be addressed right away. But I can only imagine that eventually a decision point will have to be made on every app-id and future additions PA decides to make. I was also thinking I almost need to create some type of matrix that identifies all of the standardized applications App-id addresses along with all the controls and a decision point on if that control is turned on or not. What approach did you and your organization use to tackle App-id configuration? Rather than re-inventing the wheel, I thought I would ask for advice from my peers that have already gone through this process.</SPAN></P></BODY></HTML> Tue, 04 Jun 2013 16:44:27 GMT jbabcockii 2013-06-04T16:44:27Z https://live.paloaltonetworks.com/t5/general-topics/looking-for-advice-on-app-id-configuration/m-p/20834#M15214 <HTML><HEAD></HEAD><BODY><P>Looking through the white papers and documentation, I didn't really find much as to a recommendation on how to tackle the task of app-id configuration as a whole. Have any of you found any documentation that was helpful in this area? <SPAN style="font-size: 10pt; line-height: 1.5em;">One approach I was considering was running a report to identify the most widely used applications within our organization and initially focusing on those that need to be addressed right away. But I can only imagine that eventually a decision point will have to be made on every app-id and future additions PA decides to make. I was also thinking I almost need to create some type of matrix that identifies all of the standardized applications App-id addresses along with all the controls and a decision point on if that control is turned on or not. What approach did you and your organization use to tackle App-id configuration? Rather than re-inventing the wheel, I thought I would ask for advice from my peers that have already gone through this process.</SPAN></P></BODY></HTML> Tue, 04 Jun 2013 16:44:27 GMT https://live.paloaltonetworks.com/t5/general-topics/looking-for-advice-on-app-id-configuration/m-p/20834#M15214 jbabcockii 2013-06-04T16:44:27Z https://live.paloaltonetworks.com/t5/general-topics/looking-for-advice-on-app-id-configuration/m-p/20835#M15215 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Starting from ACC will be good way to construct a secure way.</P><P>If you can do best is "positive security" model as you know.That is not possible for every environment but a best practice for me.</P><P>Over an implicity deny, only allow what app you need.And for policy rules , service option - application default.</P><P>This will take some time, but after then most secure.</P><P>Alternatively, if you can't do that, you should use app. filters by category and also it is a dynamic solution.</P><P>After that you should add any harmful apps to a group and write a deny rule for both.</P><P></P><P></P><P>Regards.</P></BODY></HTML> Tue, 04 Jun 2013 17:38:05 GMT https://live.paloaltonetworks.com/t5/general-topics/looking-for-advice-on-app-id-configuration/m-p/20835#M15215 Retired Member 2013-06-04T17:38:05Z