This document describes how to configure a Palo Alto Networks firewall to block traffic using on an application filter and still allow an application that is included in the filter. The example shown in this document blocks instant messaging (IM) and peer-to-peer (P2P) application-filter traffic, but still allow the Skype application.
The application filter is a dynamic item that is created by selecting filter options (Category, Subcategory, Technology) in the application browser. Any new applications coming to PAN-OS in a content update that match the same filters, the set will automatically be added to the Application Filter created. For example, when a 'peer-to-peer' is selected as a Technology Filter, that filter will automatically update if a new application gets added to that category in the latest content package.
Go to Objects > Application Filter
Click Add to configure an Application Filter that would include all instant messaging and P2P applications, by selecting the Category, Subcategory and Technology, as shown below: