We have defined Risk App block rule which contains the app by risk category, characteristics and vice versa.
After upgrading PA to 10.1.5-h1 version it starts to block ssl, web-browsing, google-base, whatsapp and other apps which are not among apps which is blocked by my defined rule.
I'va looked for matching apps in app filters, but there were no apps which PA is blocked incorrectly. I assume that App Filter rule does not work properly.
Device is PA-820, PAN OS version 10.1.5-h1. Latest app and threats db is installed.
That's not really a lot of information to go off of in your post if I'm being honest. How exactly do you have the application filter setup? When you look at the denied traffic does it transition from a blocked application to a know app-id at all? Without knowing how the filter is actually configured, it could be acting exactly as configured or it could not be. We'd need to know the actual filter to look into that more.
The only thing that I can say at the moment is that I haven't encountered any issues with our existing application filters when upgrading from 10.0 to 10.1, so I wouldn't expect this to be a bug.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!