05-22-2024 03:43 PM
Hi Looks like the latest update breaks the application filter rule. I had a look and it seem like the "google-drive-web' is a group and does not have an associated risk, 'google-drive-web-base' does have a risk 5 for it, I tried to create one called 'google-drive-web' but I unable to create one as the group is already named 'google-drive-web'
I have Raised a TAC case but any suggestions much appreciated.
05-24-2024 10:23 AM
This can be fixed by creating a new Application filter with the same "excludes" as the filter/ filters that contain "google-drive-web". In the new filter you can exclude "Google-Drive-web-base". You then have to replace the filter all in the rules the original was located, once you have replaced them you then delete the errored filter.
05-23-2024 12:12 AM
Yes, i'm having the same issues too ( exact the same error). To commit, i first have to revert to the previous App-ID update.
05-23-2024 01:23 AM
Thanks, I've got some issues. Reverting to the previous pack helped.
05-23-2024 04:45 AM
Having the same issue... Just started yesterday... I am kind of a newbe here... Do you mind saying how did you recert back to the previous pack?
05-23-2024 04:50 AM
Go to : Device \ Dynamic Updates -> Application and Threats ->Revert to 8851-8750. But be aware this is only a temporary solution! Let's hope they release today or tomorrow a new App Policy.
05-23-2024 04:51 AM
Device --> Dynamic Updates --> Application and Threats, and press Revert on the previous pack.I hope this helps you, as it helped me too
05-23-2024 04:59 AM
Thank you, its fixed our issue and really apprecate you taking the time to share.
05-23-2024 02:27 PM
Thank you. Same issue here. Hopefully they will get it straightened out.
05-24-2024 10:23 AM
This can be fixed by creating a new Application filter with the same "excludes" as the filter/ filters that contain "google-drive-web". In the new filter you can exclude "Google-Drive-web-base". You then have to replace the filter all in the rules the original was located, once you have replaced them you then delete the errored filter.
05-29-2024 09:44 AM
For those of you who don't want to wait for a more permanent fix, this worked for me as a quick way to get rid of the "bad" app-id from the app filters. After doing the steps below, you'll need to exclude the new app-ids in your app filters. Thanks to @eric.pedersen for the tip. Palo Alto posted an advisory notice on this issue too.
This application filter is easily fixed on the CLI and doesn't have to be recreated.
For example:
delete application-filter <name> exclude google-chat
or on Panorama:
delete shared application-filter <name> exclude google-chat
or, whatever scope other than shared that your application filter is in.
05-29-2024 11:03 AM
Thanks Pzungia,
This is the way forward there is a post with further detail.
06-11-2024 06:47 AM
The link tells me I do not have sufficient access...
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
