Focus

Cloud NGFW for Azure

Cloud NGFW for Azure Security Rule Objects

Table of Contents

Cloud NGFW for Azure Security Rule Objects

Security rule objects for Cloud NGFW.

A security rule object is a single object or collective unit that groups discrete identities such as IP addresses, FQDN, or certificates. Typically, when creating a policy object, you group objects that require similar permissions in the policy. For example, if your organization uses a set of server IP addresses for authenticating users, you can group the set of server IP addresses as a prefix list object and reference that prefix list in one or more security rules. Group object allows you to significantly reduce the administrative overhead in creating rules.

Prefix
and FQDN Lists
—prefix and FQDN lists allow you to group specific source or destination IP addresses or FQDNs that require the same policy enforcement. A prefix list can contain one or more IP addresses or Internet Protocol netmask in CIDR notation. An address object of type Internet Protocol netmask requires you to enter the IP address or network using slash notation to indicate the IPv4 network. For example, 192.168.18.0/24. An FQDN (for example, paloaltonetworks.com) object provides further ease of use because DNS provides the FQDN resolution to the IP addresses instead of you needing to know the IP addresses and manually updating them every time the FQDN resolves to new IP addresses.

Certificate
—a certificate object is a reference to a TLS certificate stored in the Azure Key Vault in your Azure account, and is used in outbound decryption.

PAN-OS version 11.0.x is required when using Azure Key Vault for outbound decryption.

Create a Rulestack on Cloud NGFW for Azure

Create a Prefix List on Cloud NGFW for Azure

Cloud NGFW for Azure

Cloud NGFW for Azure Security Rule Objects

Cloud NGFW for Azure Security Rule Objects

Recommended For You