To match the App-ID adoption task with its order in the process, follow these steps:
1. Perform a like-for-like (Layer 3/4) migration from the legacy firewall to the Palo Alto Networks NGFW.
   This is the initial step to ensure that the Palo Alto Networks NGFW is in place and functioning with the existing security policies.
2. Capture, retain, and verify that all traffic has been logged for a period of time.
   This step involves enabling logging and monitoring traffic to understand the application usage and to ensure that all traffic is being logged.
3. Clone the legacy rules and add application information to the intended application-based rules.
   This step involves creating copies of the existing rules and enhancing them with application-specific information using App-ID.
4. Verify that no traffic is hitting the legacy rules.
   After creating application-based rules, ensure that traffic is now hitting these new rules instead of the legacy rules. This indicates that the transition to App-ID based policies is successful.
5. Remove the legacy rules.
   Once it is confirmed that no traffic is hitting the legacy rules and the new App-ID based rules are effectively managing the traffic, the legacy rules can be safely removed.
Order in Process:
1. Perform a like-for-like (Layer 3/4) migration from the legacy firewall to the Palo Alto Networks NGFW.
2. Capture, retain, and verify that all traffic has been logged for a period of time.
3. Clone the legacy rules and add application information to the intended application-based rules.
4. Verify that no traffic is hitting the legacy rules.
5. Remove the legacy rules.
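
One way to run the "verify that no traffic is hitting the legacy rules" check offline, as an added example that is not part of the original answer or of Palo Alto Networks tooling. It reads a constructed CSV export (the column names, rule names and the 14-day quiet window are assumptions) and clears a legacy rule for removal only when the logs cover the whole window and the rule saw no hits in it.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample export; column names are assumptions, not a PAN-OS schema.
SAMPLE_LOG = """time,rule,app,dport
2024-03-01 00:05:00,legacy-web-443,ssl,443
2024-03-02 09:00:00,legacy-web-443,web-browsing,443
2024-03-10 12:00:00,app-web,ssl,443
2024-03-20 08:30:00,app-web,web-browsing,443
2024-03-05 10:00:00,legacy-dns-53,dns,53
2024-03-28 10:00:00,legacy-dns-53,ntp,53
2024-03-30 23:50:00,app-dns,dns,53
"""

# Hypothetical mapping: legacy port-based rule -> its App-ID clone.
CLONES = {"legacy-web-443": "app-web", "legacy-dns-53": "app-dns"}

def review_legacy_rules(log_text, clones, quiet_days=14, fmt="%Y-%m-%d %H:%M:%S"):
    """Return {legacy_rule: verdict dict} for the 'verify no hits' step."""
    last_hit = {}
    apps = defaultdict(set)
    first = last = None
    for row in csv.DictReader(io.StringIO(log_text)):
        ts = datetime.strptime(row["time"], fmt)
        first = min(first or ts, ts)
        last = max(last or ts, ts)
        if row["rule"] in clones:
            apps[row["rule"]].add(row["app"])
            last_hit[row["rule"]] = max(ts, last_hit.get(row["rule"], ts))
    window = timedelta(days=quiet_days)
    # Without logs spanning the whole window, silence proves nothing.
    covered = first is not None and (last - first) >= window
    report = {}
    for rule in clones:
        hit = last_hit.get(rule)
        quiet = hit is None or (last - hit) >= window
        report[rule] = {
            "last_hit": hit,
            "apps_seen": sorted(apps[rule]),
            "safe_to_remove": covered and quiet,
        }
    return report

if __name__ == "__main__":
    print(review_legacy_rules(SAMPLE_LOG, CLONES))
```

In the sample, `legacy-dns-53` is still matched by `ntp` two days before the end of the log, so it is held back, and `apps_seen` shows which application the cloned rule does not yet cover.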