>
    Add or Delete a Cloud Device Group
    Focus
    Download PDF
    Focus
    1. Home
    2. Cloud NGFW for Azure Administration
    3. Protect Traffic with Cloud NGFW for Azure
    4. Panorama Policy Management
    5. Add or Delete a Cloud Device Group
    Download PDF
    Cloud NGFW for Azure

    Add or Delete a Cloud Device Group

    Table of Contents

    Add or Delete a Cloud Device Group

    Learn how to add or delete a Cloud Device Group using Panorama policy management for your Cloud NGFW for Azure resource.
    Where Can I Use This?What Do I Need?
    • Cloud NGFW for Azure
    • Cloud NGFW subscription
    • Palo Alto Networks Customer Support Portal account
    • Azure Marketplace subscription
    After linking your Cloud NGFW resource to the Panorama virtual appliance you can start using the integration for policy management tasks, such as adding or deleting Cloud Device Groups.
    See Manage Device Groups for more information.

    Add a Cloud Device Group

    After linking your Cloud NGFW resource to the Panorama virtual appliance you can start using the integration for policy management tasks, such as adding device groups and applying policy rules to the device group.
    With Panorama, you group firewalls in your network into logical units called device groups. A device group enables grouping based on network segmentation, geographic location, organizational function, or any other common aspect of firewalls requiring similar policy configurations.
    Using device groups, you can configure policy rules and the objects they reference. Organize device groups hierarchically, with shared rules and objects at the top, and device group-specific rules and objects at subsequent levels. This enables you to create a hierarchy of rules that enforce how firewalls handle traffic.
    To add a cloud device group using the Panorama console:
    1. In the Azure plugin, select Cloud NGFW.
      The Cloud Device Group table is empty when you first select it. Previously created cloud device groups appear if they were established for the Cloud NGFW resource using Azure.
    2. Click Add in the lower left corner.
    3. In the Cloud Device Group screen:
      1. Enter a unique name for the cloud device group.
      2. Enter a description.
      3. Use the drop-down to select the Parent Device Group. By default, this value is shared.
      4. Select the Template Stack from the drop-down. Or, click Add to create a new one.
      5. Select the Panorama IP address used by the deployment. The drop-down allows you to select either the private or public IP address.
      6. Optionally select the Panorama HA Peer IP address.
      7. Optionally use the drop-down to select the Collector Group.
      8. Optionally configure Zone Mapping for the Cloud Device Group. Only two zones are supported: public or private.
      9. Click OK.
      10. Commit your change in the Panorama console to create the cloud device group. Next, Generate the registration string to create the Cloud NGFW resource and deploy in Azure.

    Delete a Cloud Device Group

    Use the Panorama console to delete a cloud device group. You can only delete a cloud device group if there are no firewalls attached to it.
    To delete a cloud device group from a resource using the Panorama console:
    1. In Panorama, select Cloud Device Groups.
    2. Select the Cloud Device Group you want to remove.
    3. In the lower portion of the Panorama console, click Delete.
    4. Click Yes to confirm the deletion.
    5. Commit the change.

    © 2025 Palo Alto Networks, Inc. All rights reserved.