@AndrewPaloAlto,
App-IDs are a collection of identifiable information (traffic signatures, protocol decoding, heuristics) which is able to identify traffic to a particular application without relying solely on port information like in older L4 deployments. These are updating constantly because the applications themselves don't stay the same, or PAN removes false-positives or expands coverage of an app-id so that it properly identifies even more traffic.
An example of why this can cause an outage would be if I configured a security rulebase entry that allowed the app-id SSL over a service object that maps to tcp/636. If a future content update expands coverage of the app-id ldap so that it starts matching traffic within my environment, I would no longer have a security rulebase entry that would allow the traffic to pass. I.e., a rule allowing ssl on tcp/636 wouldn't allow traffic being identified as ldap on tcp/636 because the rule no longer matches the traffic.
If I have a few rules in place regarding allowing some configured alerts, are those configured alerts considered App-IDs?
This question is unclear in what you are actually asking. What exactly do you mean when you say that you have rules in place regarding allowing some configured alerts? Configured alerts for what, the firewall or some industrial equipment? App-IDs are the applications that you specify within the security rulebase entries; some of these are application containers which are made from multiple individual app-ids, but that's getting slightly into the weeds of things.
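The ssl/ldap scenario in the reply above can be checked before a content update is installed. The following is an added example, not part of the original post and not PAN-OS code: a simplified model of first-match rule evaluation (application plus service only) that flags sessions allowed today which no rule would allow once they are re-identified. The rule names, addresses, and the `RECLASSIFIED` mapping are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    apps: frozenset      # App-IDs the rule allows
    services: frozenset  # (protocol, port) pairs the rule allows

@dataclass(frozen=True)
class Session:
    src: str
    dst: str
    service: tuple       # (protocol, port)
    app: str             # App-ID currently logged for the session

def first_match(rules, app, service):
    """Name of the first allow rule matching app AND service, else None (no rule allows it)."""
    for r in rules:
        if app in r.apps and service in r.services:
            return r.name
    return None

def sessions_at_risk(rules, sessions, reclassified):
    """Sessions allowed now that no rule allows after re-identification.

    reclassified maps (old_app, service) -> new_app; assumed to be compiled
    by the operator from what the pending update changes.
    """
    at_risk = []
    for s in sessions:
        new_app = reclassified.get((s.app, s.service))
        if new_app is None:
            continue  # this session's identification is not affected
        before = first_match(rules, s.app, s.service)
        after = first_match(rules, new_app, s.service)
        if before and not after:
            at_risk.append((s, before, new_app))
    return at_risk

# Constructed sample data mirroring the scenario in the post.
RULES = [Rule("allow-ssl-636", frozenset({"ssl"}), frozenset({("tcp", 636)})),
         Rule("allow-web", frozenset({"ssl", "web-browsing"}), frozenset({("tcp", 443)}))]
SESSIONS = [Session("10.0.0.5", "10.0.1.10", ("tcp", 636), "ssl"),
            Session("10.0.0.6", "192.0.2.20", ("tcp", 443), "ssl")]
RECLASSIFIED = {("ssl", ("tcp", 636)): "ldap"}

if __name__ == "__main__":
    for s, rule, new_app in sessions_at_risk(RULES, SESSIONS, RECLASSIFIED):
        print(f"{s.src} -> {s.dst} {s.service}: allowed by {rule} as {s.app}, unmatched as {new_app}")
```

Adding `ldap` to the applications of the tcp/636 rule before the update is installed makes the flagged session match again in this model.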