The setup you see here is used for port to App-ID migration. Customers migrating from other, port-based firewalls to Palo Alto Networks will typically do so with no policy changes as the first step. Then App-ID adoption is the next step. Other customers start from scratch, building an App-ID based ruleset from day 1. Then the 3 policy lines you see will be used. The last rule you could call a "clean up rule". Everything that matches that rule is for you to move into one of the two above. Personally, I would have moved the known bad to the top. When you've cleaned things up, after verifying for days or weeks, depending on your gut feeling, and when you see close to nothing in the last rule, you could just disable/delete the any rule. Then you've created an Application based White List ruleset. And that's what Palo Alto Networks is all about: bringing back the default action of the firewall, by doing what the intention of the firewall has always been, to control what you allow.