Extended Policy Impact Review for Content Releases
Policy impact review is now available for installed content releases and includes details on how modified App-IDs affect security policy enforcement. Previously, policy impact review details, where you can view all security policy rules where application enforcement might have changed due to a content update, were only available for downloaded content updates and detailed only how new App-IDs affected security policy rules.
Take the following steps to see a list of the applications modified in a content release and assess how those changes impact security policy enforcement. Importantly, updates to applications with network-wide impact (for example, LDAP or IKE) are prominently flagged as a Policy Review Recommendation.
- Select DeviceDynamic Updates and Download the latest Applications and Threats content release.
- For any content release (downloaded or currently installed) select either Review Policies or Review Apps in the Action column of the content update row.
- Review Apps to see a list of all applications that are modified in a content release, and see details for each application. In addition to modified applications being listed, updates to applications with network-wide impact (for example, LDAP or IKE) are prominently flagged as a Policy Review Recommendation. This signals to you to evaluate potential changes in enforcement for those critical applications.
- Review Policies to see the security policy rules that might enforce traffic differently now that the application is modified.