Don't tell me how to fix this, I already know how it works.
I need to know why Palo Alto does not have a separate APPID update and Threat update just like AV and WF are separate.
Using PA as an everything device we actually need Vulnerability and Antispyware to be separate as well.
While someone from PAN can chime in, I think its because the APPS are not updated as frequently? Is there a specific reason you would want them seperated out?
For that reason pretty much. Appid's need a differnet process for review than do Threat, AV and WF do not need much review at all and they have their own update.
Also would help to break out vulnerability and spyware separate and have a selection method for what gets pushed instead of managing by exception.
Those are valid reasons, however to propose a change like that you need to open a customer request through your SE/sales team. In the meantin, you can allow the PAN to install the newest Threats signatures and skip the APPs.
then configurethe updates to disable new APPs
Just a thoght.
I know how to do it, Check point has a much better solution even on r77.30.
At least spit out the updates and give the ability to review the updates and put those we do not need in a holding spot / review bucket or something else to address later.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!