Enforce Security Rule Description, Tag, and Audit Comment (Strata Cloud Manager)

Require that a description, tag or audit comment be entered when creating or editing a security rule.
A comprehensive set of security checks is used to evaluate your configuration. Your configuration is compared against these checks to assess the security posture of your devices and to generate security alerts automatically when a rule doesn't adhere to best practices. In addition to the predefined best practice checks, you can create your own custom checks to cover any special requirements you may have. You can:
  1. Set the severity level for your custom checks to identify the checks that are the most critical to your deployment.
  2. Create and delete your own custom checks, clone existing checks and edit them to create new ones, and make special exceptions for checks you don't want applied to portions of your deployment.
  3. Set the response when a check fails.
    • Alert (default)—Raises an alert for the failed check.
    • Block—Stops potential misconfigurations before they enter your deployment. Here's what block means for your deployment depending on how you manage it:
      • Inline Checks on Cloud Manager—Prevents you from committing or pushing a noncompliant configuration, but won't prevent you from saving your configuration locally.
      • Real-Time Inline Checks on Cloud Manager—Prevents you from even saving a noncompliant configuration.
      • Panorama Managed—Prevents you from committing a noncompliant configuration to Panorama, but won't prevent you from saving it to the Panorama candidate configuration.
      • PAN-OS web interface, API, or CLI management—Block has no enforcement effect on configurations that are neither Cloud managed nor Panorama managed.