I'm using the FW-logs in order to transform the security policies from legacy services towards app-id.
ML logs are onto the system etc.
Analysing rules via: R-click / App-id adoption / retrieve app (slow-fast) works fine.
Fi. Apps Splunk, ms-kms are detected.
When I convert the rule using "App-ID reconciliation / recommended", the service is converted to the detected app-id as-is.
However application dependencies are not taken into account?
fi. Splunk depends on web-browing, sms-kms depends on msrpc-base. This is leading to non-working policies.
I'm using Expedition: 1.1.42 (VM) and 22.214.171.124 (Physical server) both have the same behavior, while I believe this used to work in previous versions?
Thanks a lot,
Solved! Go to Solution.
A related rule: were app-id adoption is performed
Next: app-id reconciliation:
resulting in following app-id adopted:
But it doesn't take into account dependencies:
As a result the connectivity would break, impact could be generated etc.
Does anyone has this issue?
Would it be possible to share the project with fwmigrate at paloaltnetworks dot com via Project->Settings->Export?
I would like to check if the issue is related to the application database being used in your project, what may not be up-to-date and does not know about the dependencies, or if it is actually an issue related to the code that fails to include the dependencies as well.
Let us know via email, and we will update the results here later on
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!