Policy Rulebase Management Using Tags
Create and assign tags to the policy rules in your policy rulebase to visually group
them and perform operation procedures on groups of policy rules.
Tags allow you to identify the purpose or function of a policy rule and help you
better organize your policy rulebase. PAN-OS 11.0.3 introduces the ability to
visually group and manage your policy rulebase using the assigned tags from the
Tag Browser. When viewing your policy
rulebase using tags, you can perform operation procedures such as adding, deleting,
or moving the rules with the applied tag more easily. Viewing your policy rulebase
using tags maintains the rule evaluation order.
For firewalls managed by a Panorama management server, you can create and assign tags
to policy rules from Panorama. Panorama, managed firewalls, and standalone
firewalls running PAN-OS 11.0.3 or a later 11.0 release support policy rulebase
management using tags. Policy rulebase management using tags is supported for all
policy types.
- Create your policy rulebase.
- Create and apply tags to the policy rules you created.
  You must apply tags to the policy rule Tag field and not the Group Rules by Tag field.
- Select Policies and change the policy rulebase view from the Default View to Rulebase by Tags.
  On the left-hand side, the Tag Browser is displayed and shows all tags applied to the rules in the policy rulebase, the number of policy rules with each tag applied, and the Rule Number indicating the rule order for all policy rules within the policy rulebase with the tag applied.
- Select the Tag Browser display settings.
  - (Optional) Use the search bar to search for a specific tag.
  - Keep enabled or disable Filter by first tag in rule.
    When enabled, the Tag Browser displays the Rule Count and Rule Number data based on the first tag applied to each policy rule when multiple tags are applied. When disabled, the Tag Browser displays total Rule Count and Rule Number data when multiple tags are applied to your policy rules.
  - Select how to order tags in the Tag Browser.
    - Rule Order—Order the policy rule tag data in the Tag Browser based on how policy rules are ordered in the policy rulebase. This may mean that a tag applied to multiple policy rules will display multiple times in the Tag Browser if the tagged policy rules are dispersed throughout the policy rulebase.
    - Alphabetical—Order the policy rule tag data in the Tag Browser based on the alphabetical order of applied tags.
- Apply or remove tags from the Tag Browser.
  The Tag Browser allows you to both apply a tag to policy rules within the policy rulebase, and remove a tag from all policy rules where the tag is currently applied.
  - Apply a tag from the Tag Browser
    You can also drag and drop tags you want to apply from the Tag Browser to the policy rule you want to apply them to.
    - In the policy rulebase, select one or more policy rules that you want to apply a tag to.
    - In the Tag Browser Tag (Rule Count) column, select one or more tags you want to apply to the selected policy rules.
    - Expand the tag options and Apply Tag to the Selection(s).
      Review which tags you are applying to the selected policy rules and click Yes to apply the tags.
  - Remove tags from the Tag Browser
    - In the Tag Browser Rule Number column, expand the tag options and Untag Rule(s).
    - A confirmation window is displayed to confirm you want to untag your policy rules.
      You can remove the tags from only the selected policy rules or check Untag all the rules with the selected tag to remove the tag from all policy rules with the tag.
    - Click Yes to untag all policy rules that have the selected tag applied.
- Move tagged rules within your policy rulebase.
  You can use the Tag Browser to move multiple tagged rules at once to change the policy rulebase hierarchy as needed.
  - Select the Rule Order Tag Browser display setting.
  - In the Tag Browser Rule Number column, expand the tag options and Move Rule(s).
    Alternatively, you can drag and drop rules to reorder them in the policy rulebase.
  - Select the tag around which you want to move.
  - Move Before or Move After as needed.
- Add a new policy rule from the Tag Browser.
  You can add a new policy rule with tags already assigned directly from the Tag Browser. The new policy rule is added as the lowest rule in the rule order based on the selected tag.
  - Select the Rule Order Tag Browser display setting.
  - In the Tag Browser Rule Number column, expand the tag options and Add New Rule and configure the policy rule as needed.
- Filter the policy rulebase using a tag.
  In the Tag Browser Rule Number column, expand the tag options and Filter the policy rulebase. This allows you to apply one or more tag search filters to the policy rulebase to narrow down the list of policy rules displayed.
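The Tag Browser display settings from the procedure above (Filter by first tag in rule, Rule Order, Alphabetical), modelled offline as an added example that is not Palo Alto Networks code. The rulebase, rule names, and the `tag_browser` function are constructed for illustration, and the grouping follows this page's description rather than any firewall API.

```python
from itertools import groupby

# Constructed sample rulebase in evaluation order: (rule name, tags in the order applied).
RULEBASE = [
    ("allow-dns",       ["infra"]),
    ("allow-web",       ["web", "pci"]),
    ("allow-web-api",   ["web"]),
    ("allow-ntp",       ["infra"]),
    ("deny-pci-egress", ["pci", "web"]),
]

def tag_browser(rules, first_tag_only=True, order="rule"):
    """Return [(tag, rule_count, [rule numbers])] as this model lists them.

    first_tag_only models "Filter by first tag in rule"; order is "rule" or
    "alphabetical". Rule numbers are 1-based positions in the rulebase.
    """
    by_tag = {}
    for number, (_name, tags) in enumerate(rules, start=1):
        # Enabled: a rule counts only under its first tag. Disabled: under every tag.
        for tag in (tags[:1] if first_tag_only else tags):
            by_tag.setdefault(tag, []).append(number)

    entries = []
    for tag, numbers in by_tag.items():
        if order == "alphabetical":
            entries.append((tag, len(numbers), numbers))
            continue
        # Rule Order: split into runs of consecutive rule numbers, so a tag
        # dispersed through the rulebase appears as several entries.
        for _, run in groupby(enumerate(numbers), key=lambda p: p[1] - p[0]):
            run = [n for _, n in run]
            entries.append((tag, len(run), run))

    if order == "alphabetical":
        return sorted(entries)
    return sorted(entries, key=lambda e: (e[2][0], e[0]))

if __name__ == "__main__":
    for view in (dict(first_tag_only=True, order="rule"),
                 dict(first_tag_only=False, order="alphabetical")):
        print(view)
        for tag, count, numbers in tag_browser(RULEBASE, **view):
            print(f"  {tag:<6} count={count} rules={numbers}")
```

A tag that shows up more than once in the Rule Order view marks rules that are not contiguous in evaluation order, which is worth checking before a bulk Move Rule(s) or Untag Rule(s) operation.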