Manage Device-ID
End-of-Life (EoL)

Learn how to ensure your policy rule recommendations and device objects are current or how to restore policy rule recommendation mappings.
Perform the following tasks as needed to ensure your policy rule recommendations and device objects are current or to restore policy rule recommendation mappings.
  1. Update your policy rule recommendation whenever the New Updates Available column displays Yes for that recommendation.
    As devices gain new capabilities, IoT Security updates the policy rule recommendations to advise what additional traffic or protocols the firewall or Panorama should allow. Check IoT Security daily for updates and update your policy rule recommendations as soon as possible.
    1. On the IoT Security app, Edit the policy rules then click Next.
    2. Select the new recommendation then click Next.
    3. Save your changes.
    4. On the firewall or Panorama, click Import Policy Rules then click Yes to confirm that you want to overwrite the current rule.
      This action overwrites the recommendation for the rule, not the rule itself.
    5. (Panorama only) Repeat the previous step for all device groups.
    6. Commit your changes.
  2. Review, update, and maintain the device objects in the Device Dictionary.
    You must create device objects for any devices that do not have an IoT Security policy rule recommendation. For example, you cannot secure devices such as laptops and smartphones using IoT Security policy rule recommendations, so you must create device objects for these types of devices and use them in your Security policy to secure these devices.
    1. Select Objects > Devices.
    2. Add a device object.
    3. Browse the list or Search using keywords.
      The search results can include multiple types of device object attributes (for example, both Category and Profile).
    4. To add a custom device object, enter a Name and optionally a Description for the device object.
      Always use a unique name for each device object. Do not change the tags in the description for device objects from policy rule recommendations.
    5. (Panorama only) Select the Shared option to make this device object available to other device groups.
    6. Select the attributes for the device object (Category, OS, Profile, Osfamily, Model, and Vendor).
    7. Click OK to confirm your changes.
  3. In some cases (for example, if you restore a previous configuration), the policy rule recommendation-to-policy rule mappings may become out of sync. You must also sync the mappings on each firewall after you push the policy rules from Panorama to the firewalls that Panorama manages. To sync the mappings:
    • On the firewall, select Device > Policy Recommendation > Sync Policy Rules.
    • For Panorama, select Panorama > Policy Recommendation > Sync Policy Rules.
    The firewall or Panorama scans all of the rules in the rulebase to check for tags that identify a rule as an IoT Security policy rule recommendation, obtains the source device object information, and repopulates the local policy rule recommendation database.
  4. Delete any policy rule recommendations that are no longer needed.
    If a policy rule recommendation no longer applies, you can remove the policy rule recommendation. You must also remove the rule for the policy rule recommendation to enforce the updated Security policy.
    1. On the IoT Security app, select Delete.
    2. Click Mark as Removed to select this recommendation for removal.
    3. Remove the mapping.
      • On the firewall, select Device > Policy Recommendation > Remove Policy Mapping.
      • For Panorama, select Device > Policy Recommendation > Remove Policy Mapping then select the Location from which you want to remove the mapping.
    4. Click Yes to confirm the mapping removal.
    5. Select Policies > Security. For Panorama, select Policies > Security > Pre-Rules/Post-Rules.
    6. Select the rule for the policy rule recommendation you want to remove then select Delete.
    7. Commit your changes.
  5. Use CLI commands to troubleshoot any issues between the firewall and IoT Security.
