Manage Device-ID
Ensure your policy rule recommendations and device objects are current and delete
imported rules when they are no longer needed.
Perform the following tasks to ensure your policy rule recommendations and device
objects are current.
- Update your policy rule recommendations.
  As IoT devices gain new capabilities, Device Security updates its policy rule recommendations to advise what additional traffic or protocols firewalls should allow. Periodically check policy rule recommendations for profiles with recommendations you have previously imported (Device or Panorama > Policy Recommendation > IoT). If there are additional ones without an entry in the Imported To column, they have not been imported to the rulebase yet. Assess your security needs and consider importing these recommendations to the Security policy rulebase as described in Configure Device-ID.
- Review, update, and maintain the device objects in the device dictionary.
  Create device objects for any devices that don’t have a Device Security policy rule recommendation. For example, you can’t secure traditional IT devices such as laptops and smartphones using Device Security policy rule recommendations, so you must create device objects for these types of devices and use them in your Security policy rules to secure these devices.
  - Select Objects > Devices.
  - Add a device object.
  - Browse the list or Search using keywords.
    The search results can include multiple types of device object attributes (for example, both Category and Profile).
  - To add a custom device object, enter a Name and optionally a Description for the device object.
    Always use a unique name for each device object. Don’t change the tags in the description for device objects from policy rule recommendations.
  - (Panorama only) Select the Shared option to make this device object available to other device groups.
  - Select the attributes for the device object (Category, OS, Profile, Osfamily, Model, and Vendor).
  - Click OK to confirm your changes.
- Delete any policy rule recommendations that you no longer need.
  If you no longer need some imported policy rules, you can remove them from the rulebase.
  - Select Policies > Security. For Panorama, select Policies > Security > Pre-Rules/Post-Rules.
  - Select the rules you want to remove from the rulebase and then Delete them.
  - Commit your changes.
    When you look at policy rule recommendations after deleting their corresponding rules from the rulebase, the Imported To column is now empty for them.
Use CLI commands to troubleshoot any issues between the firewall and Device Security.