Here’s another that some people get confused on and I don’t know why.
When working with APP-ID’s, you need to look for the “Depends on:” section. Here Palo Alto lists what this APP-ID depends on to work properly. So it’s a list of other applications that are REQUIRED for this application to work properly. If you don’t allow the application along with it’s dependencies through the firewall, then the application will NOT work.
I see people using APP-ID and wondering why it doesn’t work when they don’t have any of the dependencies. They think it will just work or they will say something like, then we’re allowing stun. Ugh, yea! Again it will not working without it. So your choice.
Sorry for the tone but I just don’t get it sometimes. 🙂