Extended Policy Impact Review for Content Releases

Policy impact review is now available for installed content releases and includes details on how modified App-IDs affect security policy enforcement. Previously, policy impact review details, where you can view all security policy rules where application enforcement might have changed due to a content update, were only available for downloaded content updates and detailed only how new App-IDs affected security policy rules.
Take the following steps to see a list of the applications modified in a content release and assess how those changes impact security policy enforcement. Importantly, updates to applications with network-wide impact (for example, LDAP or IKE) are prominently flagged as a Policy Review Recommendation.
  1. Select DeviceDynamic Updates and Download the latest Applications and Threats content release.
  2. For any content release (downloaded or currently installed) select either Review Policies or Review Apps in the Action column of the content update row.
    nfg-review-apps.png
  3. Review Apps to see a list of all applications that are modified in a content release, and see details for each application. In addition to modified applications being listed, updates to applications with network-wide impact (for example, LDAP or IKE) are prominently flagged as a Policy Review Recommendation. This signals to you to evaluate potential changes in enforcement for those critical applications.
  4. Review Policies to see the security policy rules that might enforce traffic differently now that the application is modified.

Related Documentation