Import a Policy Set into Panorama
Table of Contents
Expand all | Collapse all
-
- Firewall and PAN-OS Support of IoT Security
- IoT Security Prerequisites
- Onboard IoT Security
- Onboard IoT Security on VM-Series with Software NGFW Credits
-
- DHCP Data Collection by Traffic Type
- Firewall Deployment Options for IoT Security
- Configure a Pre-PAN-OS 10.0 Firewall with a DHCP Server
- Configure a Pre-PAN-OS 10.0 Firewall for a Local DHCP Server
- Use a Tap Interface for DHCP Visibility
- Use a Virtual Wire Interface for DHCP Visibility
- Use SNMP Network Discovery to Learn about Devices from Switches
- Use ERSPAN to Send Mirrored Traffic through GRE Tunnels
- Use DHCP Server Logs to Increase Device Visibility
- Plan for Scaling when Your Firewall Serves DHCP
- Prepare Your Firewall for IoT Security
- Configure Policies for Log Forwarding
- Control Allowed Traffic for Onboarding Devices
- Support Isolated Network Segments
- IoT Security Integration with Prisma Access
- IoT Security Licenses
- Offboard IoT Security Subscriptions
-
- Introduction to IoT Security
- IoT Security Integration with Next-generation Firewalls
- IoT Security Portal
- Vertical-themed Portals
- Device-to-Site Mapping
- Sites and Site Groups
- Networks
- Reports
- IoT Security Integration Status with Firewalls
- IoT Security Integration Status with Prisma Access
- Data Quality Diagnostics
- Authorize On-demand PCAP
- IoT Security Integrations with Third-party Products
- IoT Security and FedRAMP
Import a Policy Set into Panorama
Panorama
Import an automatically generated policy set for IoT device behaviors into the
Panorama
management system.- Log in to yourPanoramamanagement server and navigate to.PanoramaPolicy RecommendationIoTWhen you do,Panoramafetches the latest active recommendations from theIoT Securitycloud. If you already have the Policy Recommendations page open when you activate a policy set inIoT Security—or modify or deactivate an existing active policy set—then you must refresh the page to see the changes. NeitherPanoramanor the firewalls cache any policy recommendations.
- ClickImportand import the policy rule recommendations to either the pre-rulebase or post-rulebase and then select the rule to place the imported rule after.Pre-rules are rules written inPanoramathat are added before the rules defined locally on a firewall. Post-rules are rules written inPanoramathat are added after rules defined on a firewall.If you don’t select a rule,Panoramaplaces the imported policy recommendations at the top of your rulebase.So that any other Security policy rules for the same devices as those in the recommended rules do not occlude them, position the recommended rules before the others in the rulebase.
- ClickOK.The import operation automatically creates the supporting objects a policy rule requires—device objects, service objects, address objects—and then it creates the policy rule itself.You can either apply a log forwarding profile to each policy rule manually or—before importing the rule recommendations—create a log forwarding profile and name it “default” to have it applied automatically. See the section about log forwarding profiles in Prepare Your Firewall for IoT Security and also Configure Policies for Log Forwarding.
- Commit the configuration change.For more information about importing a policy set intoPanorama(and directly into firewalls), see Configure Device-ID.