Create Advanced IP Defense Policy Rules in Strata Cloud Manager

Create policy rules within an Advanced IP Defense profile in Strata Cloud Manager to enforce security policies based on IP attributes and direct-to-IP detection.
Policy rules within an Advanced IP Defense profile define how the cloud-managed infrastructure enforces security policies based on IP attributes and direct-to-IP detection. Each policy rule specifies match criteria using real-time IP attributes, logical operators to combine conditions, and actions to take when traffic matches the rule.
  1. Use the credentials associated with your Palo Alto Networks support account and log in to the Strata Cloud Manager on the hub.
  2. Access the Advanced IP Defense profile in Strata Cloud Manager.
    Select Configuration > Security Services > Advanced IP Defense to access the Advanced IP Defense profiles.
  3. Select the Advanced IP Defense profile where you want to create the policy rule.
    Click on the profile name to open the profile configuration.
  4. Navigate to the policy rules section.
    Select Policy Rules to view existing policy rules and create new ones.
  5. Click Add to create a new policy rule.
    A new policy rule entry is created with default settings.
  6. Configure the match criteria for the policy rule.
    Select the IP attributes that the rule should match.
    Use logical operators (AND, OR) to combine multiple match criteria. AND narrows the rule so that every listed attribute must be present; OR widens it so that any one attribute is enough. For example, you can create a rule that matches traffic from IPs classified as both "Malware C2" AND "Direct-to-IP Detection".
  7. Define the action for the policy rule.
    Choose the action to take when traffic matches the rule:
    • Block—Deny the traffic
    • Allow—Permit the traffic
    • Alert—Log the traffic without blocking
  8. Configure log severity for the policy rule.
    Select the log severity level to control how the rule match appears in your threat logs and SIEM:
    • Critical—Highest-confidence, most dangerous threat indicators where immediate action is required. Use for confirmed active command-and-control infrastructure, known botnet controllers, or IP addresses associated with ongoing targeted attacks.
    • High—High-confidence threat categories with a strong likelihood of malicious intent. Use for Malware C2 infrastructure, known exploit servers, and IPs associated with active data exfiltration.
    • Medium—Moderate confidence indicators that may include both malicious and legitimate traffic. Use for anonymizer and proxy services, high-risk IP ranges, or direct-to-IP connections that could indicate evasion techniques.
    • Low—Situational awareness without a confirmed threat. Use for broad netblock owner monitoring, traffic to hosting providers, or connections to IP ranges associated with vulnerable services.
    • Informational—Visibility-only rules where the match criteria are unlikely to represent a threat but the traffic pattern is worth recording. Use for monitoring baseline traffic to cloud infrastructure, CDN providers, or residential ISP ranges.
  9. Save the policy rule.
    Click Save to save the policy rule configuration.
  10. Commit your changes.
    Click Commit to apply the policy rule to your Strata Cloud Manager configuration.
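The rule semantics of steps 6 through 8 (IP-attribute match criteria combined with AND/OR, an action, and a log severity), as an added example modelled in Python. This is illustrative code written for this page, not Strata Cloud Manager's configuration format or API. It assumes, beyond what the page states, that rules are evaluated top-down with the first match winning, that every rule match is logged at the rule's severity, that a connection to an IP that was never resolved through DNS is what sets the "Direct-to-IP Detection" attribute, and that the attribute strings, rule names, log format and sample addresses are all constructed for the example.

```python
# Added example: a small model of how Advanced IP Defense policy rules are
# evaluated. Illustrative code only, not Strata Cloud Manager's configuration
# format or API. Assumptions not stated on the page: rules are evaluated
# top-down and the first matching rule wins; every match is logged at the
# rule's severity; the attribute strings below are illustrative labels; a
# connection to an IP never resolved via DNS sets "Direct-to-IP Detection".
from dataclasses import dataclass
from typing import Callable, FrozenSet, List, Optional, Set

ACTIONS = {"Block", "Allow", "Alert"}
SEVERITIES = {"Critical", "High", "Medium", "Low", "Informational"}

Match = Callable[[Set[str]], bool]


def has(attr: str) -> Match:
    """Match when the flow carries a given IP attribute."""
    return lambda labels: attr in labels


def all_of(*conds: Match) -> Match:
    """Logical AND: every condition must hold (narrows the match)."""
    return lambda labels: all(c(labels) for c in conds)


def any_of(*conds: Match) -> Match:
    """Logical OR: at least one condition must hold (widens the match)."""
    return lambda labels: any(c(labels) for c in conds)


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dst_attrs: FrozenSet[str]   # real-time attributes of the destination IP
    resolved_via_dns: bool      # False -> the client connected directly to the IP


def flow_labels(flow: Flow) -> Set[str]:
    """Attributes a rule can match on: IP attributes plus direct-to-IP detection."""
    labels = set(flow.dst_attrs)
    if not flow.resolved_via_dns:
        labels.add("Direct-to-IP Detection")   # assumed detection semantics
    return labels


@dataclass(frozen=True)
class Rule:
    name: str
    match: Match
    action: str
    severity: str

    def __post_init__(self) -> None:
        # Reject rules with an action or severity the profile does not offer.
        if self.action not in ACTIONS:
            raise ValueError(f"{self.name}: unknown action {self.action!r}")
        if self.severity not in SEVERITIES:
            raise ValueError(f"{self.name}: unknown severity {self.severity!r}")


@dataclass(frozen=True)
class Verdict:
    action: str
    rule: Optional[str]
    log: Optional[str]


def evaluate(rules: List[Rule], flow: Flow, default_action: str = "Allow") -> Verdict:
    """Top-down, first match wins (assumed); unmatched traffic gets the default."""
    labels = flow_labels(flow)
    for rule in rules:
        if rule.match(labels):
            # Every rule match is logged at the rule's severity (assumed).
            log = (f"severity={rule.severity} rule={rule.name!r} action={rule.action} "
                   f"src={flow.src} dst={flow.dst} attrs={','.join(sorted(labels))}")
            return Verdict(rule.action, rule.name, log)
    return Verdict(default_action, None, None)


# Illustrative profile (constructed). Order matters: the more specific
# "C2 AND direct-to-IP" rule sits above the plain C2 rule so that it can log
# at Critical rather than High.
PROFILE = [
    Rule("c2-direct-to-ip",
         all_of(has("Malware C2"), has("Direct-to-IP Detection")), "Block", "Critical"),
    Rule("c2", has("Malware C2"), "Block", "High"),
    Rule("anonymizer-or-proxy",
         any_of(has("Anonymizer"), has("Proxy Service")), "Alert", "Medium"),
    Rule("hosting-visibility", has("Hosting Provider"), "Allow", "Low"),
]


def demo() -> List[Verdict]:
    """Evaluate a few constructed flows (TEST-NET addresses, not real telemetry)."""
    flows = [
        Flow("10.1.1.10", "203.0.113.7", frozenset({"Malware C2"}), resolved_via_dns=False),
        Flow("10.1.1.10", "203.0.113.7", frozenset({"Malware C2"}), resolved_via_dns=True),
        Flow("10.1.1.11", "198.51.100.4", frozenset({"Proxy Service"}), resolved_via_dns=True),
        Flow("10.1.1.12", "192.0.2.9", frozenset(), resolved_via_dns=True),
    ]
    return [evaluate(PROFILE, f) for f in flows]


if __name__ == "__main__":
    for v in demo():
        print(v.action, v.rule, v.log)
```

The same destination IP produces a Critical log when reached without a DNS lookup and a High log when reached by name, which is the effect of ordering the AND rule above the broader single-attribute rule; swapping the two rules would silence the Critical rule entirely.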