This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
Accept
Reject

App-ID updates break existing rules

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

App-ID updates break existing rules

msullivan
L3 Networker

‎10-07-2013 11:53 AM

Howdy,

How do most of you manage situations where App-ID updates break functioning rules?  This just happened to me: I have Lync 2010 and the internal clients need to connect to the edge server.  I had a rule in place that allowed ms-lync, ssl, and stun.  That worked fine until last weeks update (396), at which point ssl was now identified as "ms-lync-online".  So the rule started blocking traffic to external clients who shared a resource.  The fix was to observe internal client traffic to the Lync edge server to see that traffic was now denied, then add the application to the list of allowed traffic.

So that is one instance, I bet others out there have found issues too.  What are people doing to protect functioning policies from breaking after app-id updates?

Thanks,

Mike

Labels:
0 Likes Likes
8 REPLIES 8

msullivan
L3 Networker
In response to darren_g

‎10-09-2013 08:09 AM

+1

0 Likes Likes

ericgearhart
L4 Transporter
In response to darren_g

‎10-09-2013 12:35 PM

If they broke out App-ID updates from threat updates that would be nice too. I'd like to not be missing threat updates that have come out just because I'm holding off on updating my App-ID version... right now the two are intertwined. I'd rather see them split apart.

mbutt
L5 Sessionator

‎10-09-2013 04:05 PM

Hi Mike,

You can always go to the release notes before upgrading. That will have the modified decoders and the latest added or changed applications.

Thank you

Numan

kalebw
L3 Networker
In response to darren_g

‎10-09-2013 05:31 PM

This is about the best option and best description of the circumstances

0 Likes Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Copyright 2007 - 2023 - Palo Alto Networks