12-02-2023 12:40 PM - edited 12-02-2023 12:40 PM
I'm not sure how much it's been publicized, but there's a pretty significant improvement to how Palo is letting customers handle newly released APP-IDs or application shifts.
Thus far when new app-ids are released customers just have to accept them without really understanding if the coming change will effect existing security policy. Well finally Palo is doing something about it. Palo will create a "threat" signature that will be fired on a new "to be released" application. This "threat" alert will inform firewall admins about traffic that while is currently hitting a certain application will match a "to be released" / coming application.
Not only will this awareness exist. Palo is also creating a "Policy Optimizer" of sorts where admins can proactively add these coming applications to existing policy, or even create a new security rule with these new applications.
This is an amazing feature that will make handling new app-ids something Palo admins can finally say we have a process for. (I'm just a long time Palo admin sharing what I hope is some helpful news)
I wanted to bring awareness to the below blog post. It's in an area people might not always look at so I figured I'd share here.
