10-09-2025 01:34 AM
Hi, Say I have a firewall that just been converted from Cisco to Palo alto and it got 1000 rules, is there a way I can list out all the rules that have dependent apps needing to be added to the the Applications on the rule. So I don't have to go into each rule and see if there are any dependent apps?
10-09-2025 06:28 AM
As far as I know, there's no real way to list that information out in bulk. The closest you could get is doing as @MRamadanAHafiez suggested and commit a change to then see the rules listed there, but you cannot export that list. Also, as a side note, you don't have to fully commit a change, you can "Validate Commit" to see the list and then revert the change without making a live commit to the config. That feature is also useful for shadowed rules. Policy Optimizer won't help you in your specific case but is extremely helpful for a multitude of other reasons.
As far as I know you'll have to go through each rule. You'll want to do that anyways if onboarding a new NGFW to clean up old rules that are either obsolete or poorly configured.
Good luck!
10-09-2025 02:52 AM
Hi,
as far as I know, its better to check the apps and enable it your self because the main purpose is controlling who can access which application but:
- you can check the commet window each time you commet a change, you will see a summary of which app is required in which rule.
- also, you can use the policy optimizer, in the policy tab, really useful.
- about me, I would prefer to check the rules in a bulk or even one by one for any app dependencies.
Best wishes.
10-09-2025 03:04 AM
NGFW (Managed by Strata Cloud Manager) now provides users the ability to view all dependent applications associated with a selected application while creating Security Policy Rules.
Policy Application Dependency Management
Also check the following links on the topic :
10-09-2025 06:28 AM
As far as I know, there's no real way to list that information out in bulk. The closest you could get is doing as @MRamadanAHafiez suggested and commit a change to then see the rules listed there, but you cannot export that list. Also, as a side note, you don't have to fully commit a change, you can "Validate Commit" to see the list and then revert the change without making a live commit to the config. That feature is also useful for shadowed rules. Policy Optimizer won't help you in your specific case but is extremely helpful for a multitude of other reasons.
As far as I know you'll have to go through each rule. You'll want to do that anyways if onboarding a new NGFW to clean up old rules that are either obsolete or poorly configured.
Good luck!
10-14-2025 02:12 AM
I agree with your answer, even though I dont like it ;-(
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
