Cloud NGFW for Azure Security Rule Objects

Security rule objects for Cloud NGFW.
A security rule object is a single object, or a collective unit, that groups discrete identities such as IP addresses, FQDNs, or certificates. Typically, when you create a policy object, you group the objects that require the same permissions in the policy. For example, if your organization uses a set of server IP addresses for authenticating users, you can group those IP addresses as a prefix list object and reference that prefix list in one or more security rules. Grouping objects this way significantly reduces the administrative overhead of creating and maintaining rules.
  • Prefix and FQDN Lists—prefix and FQDN lists allow you to group specific source or destination IP addresses or FQDNs that require the same policy enforcement. A prefix list can contain one or more IP addresses or Internet Protocol netmasks in CIDR notation. An address object of type Internet Protocol netmask requires you to enter the IP address or network in slash notation to indicate the IPv4 network, for example, 192.168.18.0/24. An FQDN object (for example, paloaltonetworks.com) is easier to maintain because DNS resolves the FQDN to its IP addresses, so you do not need to know the IP addresses or update them manually every time the FQDN resolves to new ones.
  • Certificate—a certificate object is a reference to a TLS certificate stored in the Azure Key Vault in your Azure account, and is used in outbound decryption.
    PAN-OS version 11.0.x is required when using Azure Key Vault for outbound decryption.
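As an added illustration (not Palo Alto Networks code and not the Cloud NGFW API), the following Python models a prefix list object the way the text describes it: entries must be IPv4 addresses or IPv4 networks in slash notation, an entry with host bits set or a hostname in the wrong list type is rejected up front, and a single validated list can be referenced by several rules. The object names, rule names, and sample addresses are constructed for the example.

```python
import ipaddress
from typing import Iterable

# Hypothetical model of a prefix list object (constructed; not the product API).
# Entries are IPv4 addresses or IPv4 networks in CIDR slash notation, as the
# page describes. Validating here means a malformed entry fails loudly instead
# of silently matching nothing (or more than the author intended).
def parse_prefix_list(name: str, entries: Iterable[str]) -> list[ipaddress.IPv4Network]:
    networks = []
    for entry in entries:
        try:
            # strict=True rejects entries with host bits set, e.g. 192.168.18.5/24,
            # which are ambiguous: was the /24 or the single host meant?
            # A bare address such as 10.0.5.7 becomes the /32 network.
            # An FQDN or IPv6 value also fails: those belong in an FQDN list
            # or a different object type, not in an IPv4 prefix list.
            net = ipaddress.IPv4Network(entry, strict=True)
        except ValueError as exc:
            raise ValueError(f"prefix list {name!r}: invalid entry {entry!r}: {exc}") from exc
        networks.append(net)
    return networks

def matches_prefix_list(ip: str, networks: list[ipaddress.IPv4Network]) -> bool:
    """True if the address falls inside any entry of the prefix list."""
    addr = ipaddress.IPv4Address(ip)
    return any(addr in net for net in networks)

# Constructed sample: one prefix list referenced by two rules, so the set of
# authentication servers is maintained in exactly one place.
AUTH_SERVERS = parse_prefix_list("auth-servers", ["192.168.18.0/24", "10.0.5.7"])

RULES = [
    {"name": "auth-to-ldap", "source": AUTH_SERVERS, "dst": "10.1.0.0/16"},
    {"name": "auth-to-kerberos", "source": AUTH_SERVERS, "dst": "10.2.0.0/16"},
]

def rules_allowing(src_ip: str, dst_ip: str, rules=RULES) -> list[str]:
    """Names of rules whose source prefix list and destination match the flow."""
    dst = ipaddress.IPv4Address(dst_ip)
    return [
        r["name"] for r in rules
        if matches_prefix_list(src_ip, r["source"])
        and dst in ipaddress.IPv4Network(r["dst"])
    ]
```

Updating the `auth-servers` list once changes the source scope of every rule that references it, which is the administrative saving the text describes.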