Network Security
Cloud Managed
Table of Contents
Cloud Managed
Require that a description, tag or audit comment be entered when creating or editing
a security rule.
A comprehensive set of checks that are used to evaluate your configuration. Your configuration is
compared against these checks to assess the security posture of your devices and to
generate security alerts automatically when a rule doesn't adhere to best practices.
In addition to the predefined best practice checks, you can create your own custom
checks to cover any special requirements you may have. You can:
- Set the severity level for your custom checks to identify the checks that are the most critical to your deployment.
- Create and delete your own custom checks, clone existing checks and edit them to create new ones, and make special exceptions for checks you don't want applied to portions of your deployment.
- Set the response when a check fails.
- Alert(default)—Raises an alert for the failed check.
- Block—Stop potential misconfigurations before they enter your deployment. Here's what block means for your deployment depending on how you manage it:
- Inline Checks on Cloud Manager—Prevents you from committing or pushing a noncompliant configuration, but won't prevent you from saving your configuration locally.
- Real-Time Inline Checks on Cloud Manager—Prevents you from even saving a noncompliant configuration.
- Panorama Managed—Prevents you from committing a noncompliant configuration to Panorama, but won't prevent you from saving it to the Panorama candidate configuration.
- PAN-OS web interface, API, or CLI management—Block has no enforcement effect on configurations that are not either Cloud managed or Panorama managed.
