This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

"Add to This Rule" versus "Add to Exiting rule"

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.
Palo Alto Networks Approved
Palo Alto Networks Approved
Community Expert Verified
Community Expert Verified

"Add to This Rule" versus "Add to Exiting rule"

Go to solution
cmartin_60
L1 Bithead

‎04-07-2022 02:28 PM

Hi Guys,

 

I tried to find out what is the difference between  "Add to This Rule" versus "Add to Exiting rule" in a security policy.

 

Thanks

0 Likes Likes
1 accepted solution

Accepted Solutions

Go to solution
BPry
Cyber Elite
Cyber Elite

‎04-07-2022 04:23 PM

@cmartin_60,

Assuming that you're talking about policy optimization on the "Apps Seen" tab, it means what you would expect. The Add to This Rule option will add the app specified to the rule that captured the traffic initially, while the Add to Existing Rule will add the application into a different entry that already exists in your rulebase.

As an example, if you have any sort of "catch-all" rule present to identify traffic, you'd likely never want to "Add to This Rule" since it would completely break the purpose of the rule; instead you would either "Add to Existing Rule" (say if you want to add it to some sort of "allowed applications" rule or something like that), or you would "Create Cloned Rule" to create a new entry and not break the "catch-all" entry. 

View solution in original post

2 REPLIES 2

Go to solution
BPry
Cyber Elite
Cyber Elite

‎04-07-2022 04:23 PM

@cmartin_60,

Assuming that you're talking about policy optimization on the "Apps Seen" tab, it means what you would expect. The Add to This Rule option will add the app specified to the rule that captured the traffic initially, while the Add to Existing Rule will add the application into a different entry that already exists in your rulebase.

As an example, if you have any sort of "catch-all" rule present to identify traffic, you'd likely never want to "Add to This Rule" since it would completely break the purpose of the rule; instead you would either "Add to Existing Rule" (say if you want to add it to some sort of "allowed applications" rule or something like that), or you would "Create Cloned Rule" to create a new entry and not break the "catch-all" entry. 

Go to solution
nevolex
L3 Networker

‎04-22-2023 12:17 AM

I find it confusing, wouldn't it be easier to say: 'add to this rule' and "add to other rule" instead?

0 Likes Likes
  • 1 accepted solution
  • 1676 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks