Network Security
Use Dynamic Address Groups in Policy (Strata Cloud Manager)
Table of Contents
Expand All
|
Collapse All
Network Security Docs
-
- Security Policy
-
- Security Profile Groups
- Security Profile: AI Security
- Security Profile: WildFire® Analysis
- Security Profile: Antivirus
- Security Profile: Vulnerability Protection
- Security Profile: Anti-Spyware
- Security Profile: DNS Security
- Security Profile: DoS Protection Profile
- Security Profile: File Blocking
- Security Profile: URL Filtering
- Security Profile: Data Filtering
- Security Profile: Zone Protection
-
- Policy Object: Address Groups
- Policy Object: Regions
- Policy Object: Traffic Objects
- Policy Object: Applications
- Policy Object: Application Groups
- Policy Object: Application Filter
- Policy Object: Services
- Policy Object: Auto-Tag Actions
- Policy Object: Devices
-
- Uses for External Dynamic Lists in Policy
- Formatting Guidelines for an External Dynamic List
- Built-in External Dynamic Lists
- Configure Your Environment to Access an External Dynamic List
- Configure your Environment to Access an External Dynamic List from the EDL Hosting Service
- Retrieve an External Dynamic List from the Web Server
- View External Dynamic List Entries
- Enforce Policy on an External Dynamic List
- Find External Dynamic Lists That Failed Authentication
- Disable Authentication for an External Dynamic List
- Policy Object: HIP Objects
- Policy Object: Schedules
- Policy Object: Quarantine Device Lists
- Policy Object: Dynamic User Groups
- Policy Object: Custom Objects
- Policy Object: Log Forwarding
- Policy Object: Authentication
- Policy Object: Decryption Profile
- Policy Object: Packet Broker Profile
-
-
-
- The Quantum Computing Threat
- How RFC 8784 Resists Quantum Computing Threats
- How RFC 9242 and RFC 9370 Resist Quantum Computing Threats
- Support for Post-Quantum Features
- Post-Quantum Migration Planning and Preparation
- Best Practices for Resisting Post-Quantum Attacks
- Learn More About Post-Quantum Security
-
-
-
- Investigate Reasons for Decryption Failure
- Identify Weak Protocols and Cipher Suites
- Troubleshoot Version Errors
- Troubleshoot Unsupported Cipher Suites
- Identify Untrusted CA Certificates
- Repair Incomplete Certificate Chains
- Troubleshoot Pinned Certificates
- Troubleshoot Expired Certificates
- Troubleshoot Revoked Certificates
Use Dynamic Address Groups in Policy (Strata Cloud Manager)
Create security rules that automatically adapts to changes.
The following example shows how Dynamic Address Groups can simplify network security
enforcement. The example workflow shows how to:
- Create Dynamic Address Groups and define the tags to filter.
- Use Dynamic Address Groups in policy.
- Create Dynamic Address Groups.View the tutorial to see a big picture view of the feature.
- Select ManageNGFW and Prisma AccessObjectsAddressAddress Groups.
- Select Add Address Group and enter a Name and a Description for the address group.
- Select Type as Dynamic.
- Define the match criteria. You can select dynamic and static tags as the match criteria to populate the members of the group. Click Add Match Criteria, and select the And or Or operator and select the attributes that you would like to filter for or match against, then select Save. Negation isn’t supported.
- Click Commit.
- Use Dynamic Address Groups in policy.View the tutorial.
- Select ManageNGFW and Prisma AccessSecurity ServicesSecurity Policy.
- Select Add Rule and enter a Name and a Description for the policy.
- Add the Source Zone to specify the zone from which the traffic originates.
- Add the Destination Zone at which the traffic is terminating.
- For the Destination Address, select the Dynamic Address Group you just created.
- Specify the action— Allow or Deny—for the traffic, and optionally attach the default security profiles to the rule.
- Repeats steps 1 through 6 to create another security rule.
- Select Push Config.