Import a Policy Set into Panorama

1. Log in to your Panorama management server and navigate to PanoramaPolicy RecommendationIoT.

   When you do, Panorama fetches the latest active recommendations from the IoT Security cloud. If you already have the Policy Recommendations page open when you activate a policy set in IoT Security—or modify or deactivate an existing active policy set—then you must refresh the page to see the changes. Neither Panorama nor the firewalls cache any policy recommendations.
2. Click Import and import the policy rule recommendations to either the pre-rulebase or post-rulebase and then select the rule to place the imported rule after.

   Pre-rules are rules written in Panorama that are added before the rules defined locally on a firewall. Post-rules are rules written in Panorama that are added after rules defined on a firewall.

   If you don’t select a rule, Panorama places the imported policy recommendations at the top of your rulebase.

   So that any other Security policy rules for the same devices as those in the recommended rules do not occlude them, position the recommended rules before the others in the rulebase.
3. Click OK.

   The import operation automatically creates the supporting objects a policy rule requires—device objects, service objects, address objects—and then it creates the policy rule itself.

   You can either apply a log forwarding profile to each policy rule manually or—before importing the rule recommendations—create a log forwarding profile and name it “default” to have it applied automatically. See the section about log forwarding profiles in Prepare Your Firewall for IoT Security and also Configure Policies for Log Forwarding.
4. Commit the configuration change.

   For more information about importing a policy set into Panorama (and directly into firewalls), see Configure Device-ID.