Cloud NGFW for AWS Security Rule Objects
Table of Contents
Expand all | Collapse all
-
- About Cloud NGFW for AWS
- Getting Started from the AWS Marketplace
- Cloud NGFW for AWS Pricing
- Link Your PAYG Account with Cloud NGFW Credits
- Cloud NGFW for AWS Free Trial
- Cloud NGFW for AWS Limits and Quotas
- Subscribe to Cloud NGFW for AWS
- Locate Your Cloud NGFW for AWS Serial Number
- Cross-Account Role CFT Permissions for Cloud NGFW
- Invite Users to Cloud NGFW for AWS
- Manage Cloud NGFW for AWS Users
- Deploy Cloud NGFW for AWS with the AWS Firewall Manager
- Enable Programmatic Access
- Terraform Support for Cloud NGFW AWS
- Provision Cloud NGFW Resources to your AWS CFT
- Usage Explorer
- Create a Support Case
-
-
- Prepare for Panorama Integration
- Link the Cloud NGFW to Palo Alto Networks Management
- Unlink the Cloud NGFW from Palo Alto Networks Management
- Associate a Linked Panorama to the Cloud NGFW Resource
- Use Panorama for Cloud NGFW Policy Management
- View Cloud NGFW Logs and Activity in Panorama
- View Cloud NGFW Logs in Cortex Data Lake
- Tag Based Policies
- Enterprise Data Loss Prevention (E-DLP) Integration with Cloud NGFW for AWS
-
Cloud NGFW for AWS Security Rule Objects
A security rule object is a single object
or collective unit that groups discrete identities such as IP addresses,
fully-qualified domain names (FQDN), intelligent feeds, or certificates. Typically,
when creating a policy object, you group objects that require similar
permissions in policy. For example, if your organization uses a
set of server IP addresses for authenticating users, you can group
the set of server IP addresses as a prefix list object and reference
that prefix list in one or more security rule. Group object allows
you to significantly reduce the administrative overhead in creating
rules.
- PrefixandFQDN Lists—prefix and FQDN lists allow you to group specific source or destination IP addresses or FQDNs that require the same policy enforcement. A prefix list can contain one or more IP addresses or IP netmask in CIDR notation. An address object of type IP Netmask requires you to enter the IP address or network using slash notation to indicate the IPv4 network. For example, 192.168.18.0/24. An FQDN (for example, paloaltonetworks.com) object provides further ease of use because DNS provides the FQDN resolution to the IP addresses instead of you needing to know the IP addresses and manually updating them every time the FQDN resolves to new IP addresses.
- Custom URL Category—a custom URL category allows you to specify exceptions to a URL category enforcement and to create a custom URL category based on multiple existing categories.
- Intelligent Feed—an intelligent feed, also called an external dynamic list (EDL), is an ongoing stream of data related to potential or current threats to an organization’s security. An intelligent feed records and tracks IP addresses and URLs that are associated with threats such as phishing scams, malware, bots, spyware, ransomware, and more.Cloud NGFW includes four built-in intelligent feeds.
- Palo Alto Networks Bulletproof IP Addresses—Contains IP addresses provided by bulletproof hosting providers. Because bulletproof hosting providers place few, if any, restrictions on content, attackers frequently use these services to host and distribute malicious, illegal, and unethical material.
- Palo Alto Networks High-Risk IP Addresses—Contains malicious IP addresses from threat advisories issued by trusted third-party organizations. Palo Alto Networks compiles the list of threat advisories, but does not have direct evidence of the maliciousness of the IP addresses.
- Palo Alto Networks Known Malicious IP Addresses—Contains IP addresses that are verified malicious based on WildFire analysis, Unit 42 research, and data gathered from telemetry. Attackers use these IP addresses almost exclusively to distribute malware, initiate command-and-control activity, and launch attacks.
- Palo Alto Networks Tor Exit IP Addresses—Contains IP addresses supplied by multiple providers and validated with Palo Alto Networks threat intelligence data as active Tor exit nodes. Traffic from Tor exit nodes can serve a legitimate purpose, however, is disproportionately associated with malicious activity, especially in enterprise environments.
You can connect your NGFW with Palo Alto Networks built-in intelligence feeds and third-party intelligent feeds to provide up-to-date information about threats to your network. If the connection requires specifying decryption certificates, you can configure Cloud NGFW to use a Cloud NGFW Certificate object described below. - Certificate—a certificate object is a reference to a TLS certificate stored in the AWS Secrets Manager in your AWS account.