Policy Rulebase Management Using Tags
Create and assign tags to policy rules in your policy rulebase to visually group them and perform operational procedures on groups of policy rules.
Tags allow you to identify the purpose or function of a policy rule and help you better organize your policy rulebase. PAN-OS 11.0.3 introduces the ability to visually group and manage your policy rulebase using the assigned tags from the Tag Browser. When viewing your policy rulebase using tags, you can more easily perform operational procedures such as adding, deleting, or moving the rules with the applied tag. Viewing your policy rulebase using tags maintains the rule evaluation order.
For firewalls managed by a Panorama management server, you can create and assign tags to policy rules from Panorama. Panorama, managed firewalls, and standalone firewalls running PAN-OS 11.0.3 or a later 11.0 release all support policy rulebase management using tags. Policy rulebase management using tags is supported for all policy types.
  1. Log in to the Panorama or firewall web interface.
  2. Create and apply tags to the policy rules you created.
    You must apply tags to the policy rule Tag field and not the Group Rules by Tag field.
  3. Select Policies and change the policy rulebase view from the Default View to Rulebase by Tags.
    On the left-hand side, the Tag Browser is displayed, showing all tags applied to rules in the policy rulebase, the number of policy rules with each tag applied, and the Rule Number indicating the rule order for all policy rules within the policy rulebase with the tag applied.
  4. Select the Tag Browser display settings.
    1. (Optional) Use the search bar to search for a specific tag.
    2. Keep enabled or disable Filter by first tag in rule.
      When enabled, the Tag Browser displays the Rule Count and Rule Number data based on the first tag applied to each policy rule when multiple tags are applied. When disabled, the Tag Browser displays total Rule Count and Rule Number data when multiple tags are applied to your policy rules.
    3. Select how to order tags in the Tag Browser.
      • Rule Order: Order the policy rule tag data in the Tag Browser based on how policy rules are ordered in the policy rulebase. This may mean that a tag applied to multiple policy rules will display multiple times in the Tag Browser if the tagged policy rules are dispersed throughout the policy rulebase.
      • Alphabetical: Order the policy rule tag data in the Tag Browser based on the alphabetical order of applied tags.
  5. Apply or remove tags from the Tag Browser.
    The Tag Browser allows you to both apply a tag to policy rules within the policy rulebase, and remove a tag from all policy rules where the tag is currently applied.
    • Apply a tag from the Tag Browser
    You can also drag and drop tags you want to apply from the Tag Browser to the policy rule you want to apply it to.
    1. In the policy rulebase, select one or more policy rules that you want to apply a tag to.
    2. In the Tag Browser Tag (Rule Count) column, select one or more tags you want to apply to the selected policy rules.
    3. Expand the tag options and Apply Tag to the Selection(s).
      Review which tags you are applying to the selected policy rules and click Yes to apply the tags.
    • Remove tags from the Tag Browser
    1. In the Tag Browser Rule Number column, expand the tag options and Untag Rule(s).
    2. A confirmation window is displayed to confirm you want to untag your policy rules.
      You can remove the tags from only the selected policy rules or check Untag all the rules with the selected tag to remove the tag from all policy rules with the tag.
    3. Click Yes to untag all policy rules that have the selected tag applied.
  6. Move tagged rules within the policy rulebase.
    You can use the Tag Browser to move multiple tagged rules at once to change the policy rulebase hierarchy as needed.
    1. Select the Rule Order Tag Browser display setting.
    2. In the Tag Browser Rule Number column, expand the tag options and Move Rule(s).
      Alternatively, you can drag and drop rules to reorder them in the policy rulebase.
    3. Select the tag around which you want to move.
    4. Move Before or Move After as needed.
  7. Add a new policy rule from the Tag Browser.
    You can add a new policy rule with tags already assigned directly from the Tag Browser. The new policy rule is added as the lowest rule in the rule order based on the selected tag.
    1. Select the Rule Order Tag Browser display setting.
    2. In the Tag Browser Rule Number column, expand the tag options and Add New Rule and configure the policy rule as needed.
  8. Filter the policy rulebase using a tag.
    In the Tag Browser Rule Number column, expand the tag options and Filter the policy rulebase. This allows you to apply one or more tag search filters to the policy rulebase to narrow down the list of policy rules displayed.
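
The following Python model of the Tag Browser display settings in step 4 and the Tag field requirement in step 2 is an added illustration, not Palo Alto Networks code. It shows how the first-tag filter and the two ordering modes change what a reviewer sees for the same rulebase, and which rules carry no Tag field value. The rule names, the dictionary layout, and the function names are assumptions, and grouping into contiguous runs is an interpretation of the Rule Order description above.

```python
# Constructed sample rulebase in evaluation order (not from a real device).
# "tags" models the rule's Tag field; "group_tag" models Group Rules by Tag.
RULES = [
    {"name": "allow-dns",  "tags": ["infra"],      "group_tag": None},
    {"name": "allow-web",  "tags": ["web", "dmz"], "group_tag": None},
    {"name": "allow-api",  "tags": ["web"],        "group_tag": None},
    {"name": "allow-ntp",  "tags": ["infra"],      "group_tag": None},
    {"name": "legacy-ftp", "tags": [],             "group_tag": "dmz"},
    {"name": "deny-all",   "tags": [],             "group_tag": None},
]

def shown_tags(rule, first_tag_only):
    """Tags counted for a rule: only the first one, or all of them."""
    return rule["tags"][:1] if first_tag_only else rule["tags"]

def tag_index(rules, first_tag_only=True):
    """Map each tag to the 1-based rule numbers it is counted on."""
    index = {}
    for number, rule in enumerate(rules, start=1):
        for tag in shown_tags(rule, first_tag_only):
            index.setdefault(tag, []).append(number)
    return index

def browser_rows(rules, first_tag_only=True, order="rule"):
    """List of (tag, rule_numbers) rows in the chosen display order."""
    if order == "alphabetical":
        return sorted(tag_index(rules, first_tag_only).items())
    rows, open_run = [], {}
    for number, rule in enumerate(rules, start=1):
        for tag in shown_tags(rule, first_tag_only):
            run = open_run.get(tag)
            if run and run[1][-1] == number - 1:
                run[1].append(number)      # extends a contiguous run
            else:                          # dispersed tag: start a new row
                run = open_run[tag] = (tag, [number])
                rows.append(run)
    return rows

def missing_tag_field(rules):
    """Rules with an empty Tag field, with any Group Rules by Tag value set."""
    return [(r["name"], r["group_tag"]) for r in rules if not r["tags"]]

if __name__ == "__main__":
    for row in browser_rows(RULES):
        print(row)
    print(missing_tag_field(RULES))
```

In this model the rule that only has a Group Rules by Tag value never appears under any tag, which is why step 2 requires the Tag field.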
