>
    Create, Apply, and Modify Tags
    Focus
    Download PDF
    Focus
    1. Home
    2. Network Security
    3. Network Security: Security Policy
    4. Policy Objects
    5. Policy Object: Tags
    6. Create, Apply, and Modify Tags
    Download PDF
    Network Security

    Create, Apply, and Modify Tags

    Table of Contents

    Create, Apply, and Modify Tags

    Tag objects to group related items and add color to the tag in order to visually distinguish them for easy scanning.
    Where Can I Use This?
    What Do I Need?
    • NGFW (Cloud Managed)
    • NGFW (PAN-OS & Panorama Managed)
    • Prisma Access (Cloud Management)
    • Prisma Access (Panorama Managed)
    Check for any license or role requirements for the products you're using.
    You can tag objects to group related items and add color to the tag in order to visually distinguish them for easy scanning. You can create tags for the following objects: address objects, address groups, user groups, zones, service groups, and security rules.
    Both static tags and dynamic tags are supported. Dynamic tags are registered from a variety of sources and are not displayed with the static tags because dynamic tags are not part of the configuration. See Register IP Addresses and Tags Dynamically for information on registering tags dynamically. The tags discussed in this section are statically added and are part of the configuration.
    You can apply one or more tags to objects and to security rules, up to a maximum of 64 tags per object. Panorama supports a maximum of 10,000 tags, which you can apportion across Panorama (shared and device groups) and the managed devices (including devices with multiple virtual systems).
    Use tags to identify the purpose of a rule or configuration object and to help you better organize your rulebase. To ensure that security rules are properly tagged, see how to Enforce Security Rule Description, Tag, and Audit Comment. Additionally, you can View Rules by Tag Group (
    Panorama only
    ) by first creating and then setting the tag as the Group tag.

    Cloud Managed

    Use tags to identify the purpose of a rule or configuration object and to help you better organize your rulebase.
    1. Create and apply tags.
      To tag a zone, you must create a tag with the same name as the zone. When the zone is attached in security rules, the tag color automatically displays as the background color against the zone name.
      1. Select
        Manage
        NGFW and
        Prisma Access
        Objects
        Tags
        .
      2. Add Tag
         and enter a
        Name
         to identify the tag. The maximum length is 127 characters.
      3. (
        Optional
        ) Assign a
        Color
         from the 38 predefined colors. By default,
        Color
         is
        None
        .
      4. Select
        Save
         and
        Push Config
         to save your changes.
    2. Apply tags to policy.
      1. Select
        Manage
        NGFW and
        Prisma Access
        Security Services
        Security Policy
         and any rulebase under it.
      2. Add the
        Tag
         object you created in Step 1 to your security rule.
      3. Verify that the tags are in use.
    3. Apply tags to an address object, address group, service, or service group.
      1. Create the object.
        For example, to create a service group, select
        Manage
        NGFW and
        Prisma Access
        Objects
        Service
        Service Groups
        Add Service Group
        .
      2. Select a
        Tag
         or enter a name in the field to create a new tag.
        To edit a tag or add color to the tag, see Modify Tags.

    Modify Tags

    • Select
      Manage
      NGFW and
      Prisma Access
      Objects
      Tags
       to perform any of the following operations with tags:
      • Click the
        Name
         to edit the properties of a tag.
      • Select a tag in the table and
        Delete
         the tag from your configuration.
      • Clone
         a tag to duplicate it with the same properties. A numerical suffix is added to the tag name (for example, FTP-1).
      • You can also
        Move
        a tag to a different configuration scope folder location.
      For information on working with tags, see View Rules by Tag Group.

    PAN-OS & Panorama

    Use tags to identify the purpose of a rule or configuration object and to help you better organize your rulebase.
    1. Create and apply tags.
      To tag a zone, you must create a tag with the same name as the zone. When the zone is attached in security rules, the tag color automatically displays as the background color against the zone name.
      1. Select
        Objects
        Tags
        .
      2. On Panorama or a multiple virtual system firewall, select the
        Device Group
         or the
        Virtual System
         to make the tag available.
      3. Add
         a tag and enter a
        Name
         to identify the tag or select a zone
        Name
         to create a tag for a zone. The maximum length is 127 characters.
      4. (
        Optional
        ) Select
        Shared
         to create the object in a shared location for access as a shared object in Panorama or for use across all virtual systems in a multiple virtual system firewall.
      5. (
        Optional
        ) Assign a
        Color
         from the 17 predefined colors. By default,
        Color
         is
        None
        .
      6. Click
        OK
         and
        Commit
         to save your changes.
    2. Apply tags to policy.
      1. Select
        Policies
         and any rulebase under it.
      2. Add
         a security rule and use the tagged objects you created in Step 1.
      3. Verify that the tags are in use.
    3. Apply tags to an address object, address group, service, or service group.
      1. Create the object.
        For example, to create a service group, select
        Objects
        Service Groups
        Add
        .
      2. Select a tag (
        Tags
        ) or enter a name in the field to create a new tag.
        To edit a tag or add color to the tag, see Modify Tags.

    Modify Tags

    • Select
      Objects
      Tags
       to perform any of the following operations with tags:
      • Click the
        Name
         to edit the properties of a tag.
      • Select a tag in the table and
        Delete
         the tag from the firewall.
      • Clone
         a tag to duplicate it with the same properties. A numerical suffix is added to the tag name (for example, FTP-1).
      For information on working with tags, see View Rules by Tag Group.

    Recommended For You

    © 2024 Palo Alto Networks, Inc. All rights reserved.