Use objects in Strata Cloud Manager to build shared policy for your NGFWs and Prisma
Objects are policy building blocks that group discrete identities such as
IP addresses, URLs, applications, or users. Use them to define and group entities,
settings, or preferences. You can then easily reference and reuse the objects in
your policies. When you update an object definition (or if it can be updated
dynamically), the policy rules referencing that object automatically enforce your
latest changes. By grouping objects, you can significantly reduce the administrative
overhead in creating policies.
Reuse and reference an address or group of addresses across
policy rules, filters, or other functions without having to manually add
the address or addresses each time. You can define regions to apply
policy to specified countries or locations. Applying policy based on
region is a great way to
control traffic between branch offices.
Your network traffic is automatically classified into applications
that you can use to build a versatile security policy based on your
business needs. To simplify the creation of security policies,
applications requiring the same security settings can be combined into
an application group. Application
groups can include applications, application groups, and application
While the HTTP and HTTPS services are already defined for you and
ready to use, you can add service definitions to control the port
numbers that applications can use. You can combine services that are
often assigned together into service groups to simplify the
creation of security policies.
Decide what GlobalProtect app data (the host information profile,
or HIP, data the app collects from endpoints) you want to use to
enforce security policy. Combine HIP objects to build a HIP profile. Think of HIP
profiles as security posture checklists against which your hosts are
evaluated, and each HIP object is one item on the list. You can grant
hosts access to your network or to sensitive resources based on their
security posture compliance.
Dynamic user groups give you a way to auto-remediate anomalous user
behavior and malicious activity. Membership in a dynamic user group is
tag-based – users are included in the group only so long as they match
your defined criteria.
An External Dynamic List (EDL) is an internally or externally
hosted text file used for policy enforcement. The firewall checks your
EDLs at your configured intervals to enable dynamic policy
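To make the EDL mechanism concrete, here is a small added model (not code from the original page or from the vendor) of how a firewall consumes an IP-type list: it re-reads the hosted text on each refresh, keeps only well-formed IP/CIDR entries, and lets policy evaluation test an address against the current set. The sample list, the `#` comment convention and the callable used in place of a real fetch are constructed assumptions.

```python
"""Model of how a firewall consumes an IP-type External Dynamic List (EDL).

Constructed example: SAMPLE_EDL stands in for a hosted file, and the
periodic refresh is simulated by calling refresh() with a fetcher callable.
The '#' comment syntax and IP/CIDR entry forms are assumptions, not a
statement of the vendor's exact file format.
"""
import ipaddress
from typing import Callable, List, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]

# Constructed sample of a hosted EDL text file (not from the original page).
SAMPLE_EDL = """\
# blocklist maintained by the SOC
203.0.113.7
198.51.100.0/24
not-an-address
2001:db8::/32
"""


def parse_edl(text: str) -> List[Network]:
    """Return valid IP/CIDR entries; skip blank, comment and malformed lines."""
    networks: List[Network] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # strip trailing comments (assumed syntax)
        if not line:
            continue
        try:
            networks.append(ipaddress.ip_network(line, strict=False))
        except ValueError:
            continue  # one bad entry must not poison the whole list
    return networks


class EdlPolicy:
    """Holds the currently enforced address set and refreshes it on demand."""

    def __init__(self, fetch: Callable[[], str]):
        self.fetch = fetch            # stands in for the scheduled download
        self.networks: List[Network] = []

    def refresh(self) -> int:
        """Re-read the hosted file; rules referencing the EDL see the new set."""
        self.networks = parse_edl(self.fetch())
        return len(self.networks)

    def matches(self, address: str) -> bool:
        """True when the address falls inside any entry of the current list."""
        ip = ipaddress.ip_address(address)
        return any(ip in net for net in self.networks)
```

Swapping the fetcher's content and calling `refresh()` again shows the point of the paragraph: the policy object never changes, only the list it references does.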
Identify and quarantine compromised devices. You can either
manually or automatically (based on auto-tags) add devices to a
quarantine list. You can block quarantined devices from accessing the
network or restrict the device traffic based on a security