Track Rules Within a Rulebase (Strata Cloud Manager)
Keep track of rules within a rulebase; manage pre-rules and post-rules and view the
complete list of rules with numbers.
To view your Security policy rulebase, go to ManageConfigurationNGFW and Prisma AccessSecurity ServicesSecurity Policy. Read on to learn more about how your rulebase is organized.
Pre-Rules and Post-Rules
For security rules that are in the shared configuration folder (they apply
globally across your entire configuration), you can decide if the rule should be
enforced ahead of or after rules in the other configuration folders. These are
called pre-rules and post-rules.
With Strata Cloud Manager, you can apply configuration settings and
enforce policy globally across your entire environment, or target
settings and policy to certain parts of your organization. When working
in your Strata Cloud Manager configuration management, the current Configuration Scope is always
visible to you, and you can toggle your view to manage a broader or more
granular configuration.
Pre-rules are global rules that take precedence
over deployment-specific rules and are applied to traffic first.
Post-rules are global rules that are applied to
traffic only after shared pre-rules and deployment-specific rules are
applied.
When you’re setting up a shared security rule, specify for it to be a
pre-rule or a post-rule.
When you’re looking at your Security policy rulebase, you can easily identify
pre- and post-rules and distinguish them from deployment-specific rules.
When you’re working in a configuration folder that’s not shared, you
can still easily identify the rules that are shared across your entire
configuration — shared rules are highlighted so you can distinguish them from
the rules that are specific to another configuration folder.
Rule Numbers
After you push your configuration to your devices, view the complete list
of rules with numbers.
Select ManageConfigurationNGFW and Prisma AccessSecurity ServicesSecurity Policy.