Network Security
Use Dynamic Address Groups in Policy (Strata Cloud Manager)
Table of Contents
Expand All
|
Collapse All
Network Security Docs
Use Dynamic Address Groups in Policy (Strata Cloud Manager)
Create security rules that automatically adapts to changes.
The following example shows how Dynamic Address Groups can simplify network security
enforcement. The example workflow shows how to:
- Create Dynamic Address Groups and define the tags to filter.
- Use Dynamic Address Groups in policy.
- Create Dynamic Address Groups.View the tutorial to see a big picture view of the feature.
- Select ManageNGFW and Prisma AccessObjectsAddressAddress Groups.Select Add Address Group and enter a Name and a Description for the address group.Select Type as Dynamic.Define the match criteria. You can select dynamic and static tags as the match criteria to populate the members of the group. Click Add Match Criteria, and select the And or Or operator and select the attributes that you would like to filter for or match against, then select Save. Negation isn’t supported.Click Commit.Use Dynamic Address Groups in policy.View the tutorial.
- Select ManageNGFW and Prisma AccessSecurity ServicesSecurity Policy.Select Add Rule and enter a Name and a Description for the policy.Add the Source Zone to specify the zone from which the traffic originates.Add the Destination Zone at which the traffic is terminating.For the Destination Address, select the Dynamic Address Group you just created.Specify the action— Allow or Deny—for the traffic, and optionally attach the default security profiles to the rule.Repeats steps 1 through 6 to create another security rule.Select Push Config.