Manage Device-ID

Learn how to ensure your policy rule recommendations and device objects are current or how to restore policy rule recommendation mappings.
Perform the following tasks as needed to ensure your policy rule recommendations and device objects are current or to restore policy rule recommendation mappings.
  1. Update your policy rule recommendations as necessary.
    As IoT devices gain new capabilities, IoT Security updates its policy rule recommendations to advise what additional traffic or protocols firewalls should allow. Check IoT Security daily for changes and update your policy rule recommendations as soon as possible. The update procedure differs depending on whether you’re using Panorama to manage your firewalls.
    When using firewalls with Panorama management:
    1. (IoT Security) Edit the policy rules in an activated policy rules set and then click Next.
    2. Select any new recommendations, click Next, and then Save your changes.
    3. (Panorama) Select Policy Recommendation > IoT and then Import Policy Rules.
    4. Choose one or more device groups and then click Yes to confirm that you want to overwrite current rule recommendations and previously imported rules in the rulebase.
    5. Commit your changes.
    When using firewalls without Panorama management:
    1. (IoT Security) Edit the policy rules in an activated policy rules set and then click Next.
    2. Select any new recommendations, click Next, and then Save your changes.
    3. (PAN-OS UI) Select Policy Recommendation > IoT, note details of any policy rule recommendations with Yes in the New Updates Available column, and then edit and save the corresponding imported policy rule on the Policies page.
    4. Select Policy Recommendation > IoT and then Sync Policy Rules to refresh the mapping between the edited rules and the rule recommendations.
      When the corresponding rules on the Policies page and Policy Recommendation > IoT page match, the New Updates Available column changes from Yes to No.
    5. Commit your changes.
  2. Review, update, and maintain the device objects in the Device Dictionary.
    You must create device objects for any devices that do not have an IoT Security policy rule recommendation. For example, you cannot secure traditional IT devices such as laptops and smartphones using IoT Security policy rule recommendations, so you must create device objects for these types of devices and use them in your Security policy to secure these devices.
    1. Select Objects > Devices.
    2. Add a device object.
    3. Browse the list or Search using keywords.
      The search results can include multiple types of device object attributes (for example, both Category and Profile).
    4. To add a custom device object, enter a Name and optionally a Description for the device object.
      Always use a unique name for each device object. Do not change the tags in the description for device objects from policy rule recommendations.
    5. (Panorama only) Select the Shared option to make this device object available to other device groups.
    6. Select the attributes for the device object (Category, OS, Profile, Osfamily, Model, and Vendor).
    7. Click OK to confirm your changes.
  3. Delete any policy rule recommendations that are no longer needed.
    If policy rule recommendations no longer apply, you can remove the recommendations and the rules mapped to the recommendations.
    1. In IoT Security, delete one or more policy rule recommendations from a policy rule set.
      Edit the policy set, clear the policy rules you want to remove, and then Save the policy set.
    2. Remove the mapping between rule recommendations and the related rules in the rulebase.
      (Firewall) Select Device > Policy Recommendation > IoT, select up to ten policy rule recommendations to remove, and then Remove Policy Mapping.
      (Panorama) Select Device > Policy Recommendation > IoT, select up to ten policy rule recommendations to remove, Remove Policy Mapping, and then select the Location from which you want to remove the mapping.
    3. Click Yes to confirm the mapping removal.
    4. Select Policies > Security. For Panorama, select Policies > Security > Pre-Rules/Post-Rules.
    5. Select the rules you want to remove from the rulebase and then Delete them.
    6. Commit your changes.
  4. Use CLI commands to troubleshoot any issues between the firewall and IoT Security.