Palo Alto Networks Knowledgebase: Release of the Epic App-ID
Release of the Epic App-ID
Created On 09/25/18 19:45 PM - Last Updated 02/08/19 00:01 AM
Epic is an electronic medical record (EMR) application used by healthcare providers to manage patient records. Through cooperation with Epic and customer volunteers, we at Palo Alto Networks are happy to announce the plan for release of the new Epic App-ID which will provide visibility into Epic application traffic on healthcare provider networks.
Prior to the existence of the Epic App-ID, Palo Alto Networks firewalls categorized Epic CF traffic as "unknown TCP". With the Epic App-ID it will become a lot easier for customers to just safely enable Epic without the need of creating port-based policies or allowing unknown-tcp traffic on a set of destination ports.
In the week of 17th of July 2017, Palo Alto Networks will be adding a new App-ID named 'Epic' intended to simplify the safe enablement of the Epic CF protocol used by the EMR application developed by Epic (About EPIC).
"epic" App-ID will be released in 2 parts:
June 2017 - "Epic" placeholder App-ID - Release time frame (Week of June 19th, 2017)
July 2017 - Functionally enable the "Epic" App-ID - Release time frame (Week of July 17th, 2017)
"Epic" will be added as placeholder app and will be delivered in the week of June 19th, 2017. This App-ID, delivered as a placeholder, allows our customers to make any necessary policy changes to their firewalls ahead of time. Placeholder App-ID gives enough time for the customers to plan and add the App-IDs to their security policy.
Frequently Asked Questions
Q: Why did Palo Alto Networks make this change?
A: Based on our interaction with a lot of our customers in the healthcare space and the evolving threat landscape a request for an Epic App-ID has come up often. Being cognizant of that we engaged customers and Epic to develop an App-ID for Epic so that all our customers can safely enable the Epic application.
Q: What policy changes will be required?
A: If you are a customer who is using an App-ID based policy and the App-ID named unknown-tcp to allow Epic related traffic, you will be required to change this policy to allow Epic App-ID.
Q: What if I am using port-based policies to allow traffic related to Epic ?
A: If you are using port-based policies to safely enable Epic traffic you will not be affected by this change. However we highly recommend that you start using the Epic App-ID to safely enable traffic related to Epic.
Q: What happens if unknown-tcp is not replaced by Epic App-ID in the security policies?
A: In the week of July 17, 2017, Epic App-ID will be functionally enabled. Any Epic traffic will be identified as Epic and no longer identified as unknown-tcp. Any security policy allowing or blocking unknown-tcp App-ID will no longer apply to Epic traffic as it is now identified as Epic.