Next-Generation Firewall
Configure a Filter Prefix List
Configure a filter prefix list to filter network routes that are added to a local
RIB.
Contact your account team to enable Cloud Management for NGFWs using
Strata Cloud Manager.
Where Can I Use This? | What Do I Need? |
---|---|
|
One of these:
|
Configure a filter prefix list to filter network routes that are added to the local
RIB based on route prefix and prefix length. A prefix list can have multiple rules.
Routes are evaluated against the rules in sequential order. When a route matches a
rule, the deny or permit action occurs and the route isn’t evaluated against
subsequent rules.
A prefix list is flexible: you configure a prefix and a prefix length that together
identify the prefix, and you can also match a range of prefix lengths by specifying
that the prefix length be greater than, less than, or equal to a value. The firewall
evaluates prefix lists more efficiently than access lists.
- Log in to Strata Cloud Manager.
- Select Manage > Configuration > NGFW and Prisma Access > Device Settings > Routing > Profiles > Filters and select the Configuration Scope where you want to configure a prefix list. You can select a folder or firewall from your Folders or select Snippets to configure a prefix list in a snippet.
- Add Filters Prefix List.
- Enter a Name for the prefix list. The name must start with an alphanumeric character, underscore (_), or hyphen (-), and can contain a combination of alphanumeric characters, underscore, or hyphen. No dot (.) or space is supported.
- Configure the prefix list rule.
  - Enter the Seq number of the prefix list filtering rules in the list of rules for the prefix list. Range is 1 to 65,535. Leave unused numbers between sequence numbers so you can insert additional rules faster.
  - Select the Action. Default is Deny.
  - Specify the Source Address. You can select None (default), Any, or Network.
  - (Address only) If you select Address, enter the IPv4 Address and Wildcard mask to indicate a range. A zero (0) in the mask indicates that a bit must match the corresponding bit in the address; a one (1) in the mask indicates a "don't care" bit.
  - (Network only) Enter the IPv4 Network with a slash and prefix length.
  - (Optional) Enter the prefix length that the prefix must be Greater Than or Equal to (range is 0 to 32).
  - (Optional) Enter the prefix length that the prefix must be Less Than or Equal to (range is 0 to 32).
  - Add.
  - Save.
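To check a planned rule set before committing it, the sequential first-match evaluation, the Greater Than or Equal to / Less Than or Equal to range, and the wildcard mask described above can be modelled offline. This Python model is an added example, not Palo Alto Networks code; the names `Rule`, `evaluate`, and `wildcard_match` are hypothetical, and the sample rules are constructed. It assumes conventional prefix-list semantics that the page does not spell out: a rule with neither bound matches only its exact prefix length, a single bound extends to the rule's own prefix length or to 32, and a route that matches no rule yields `None`.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    seq: int                  # 1 to 65,535; lower numbers are evaluated first
    action: str               # "permit" or "deny"
    network: str              # IPv4 network with slash and prefix length
    ge: Optional[int] = None  # Greater Than or Equal to
    le: Optional[int] = None  # Less Than or Equal to

    def matches(self, route: ipaddress.IPv4Network) -> bool:
        net = ipaddress.ip_network(self.network)
        if not route.subnet_of(net):      # leading bits must equal the rule's prefix
            return False
        if self.ge is None and self.le is None:
            return route.prefixlen == net.prefixlen   # assumed: exact length only
        low = net.prefixlen if self.ge is None else self.ge   # assumed default
        high = 32 if self.le is None else self.le             # assumed default
        return low <= route.prefixlen <= high

def evaluate(rules, route):
    """Return (seq, action) of the first matching rule, or None if none match."""
    r = ipaddress.ip_network(route)
    for rule in sorted(rules, key=lambda x: x.seq):
        if rule.matches(r):
            return rule.seq, rule.action   # later rules are not evaluated
    return None

def wildcard_match(address, wildcard, candidate):
    """0 bits in the wildcard mask must match; 1 bits are "don't care"."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    a = int(ipaddress.IPv4Address(address))
    c = int(ipaddress.IPv4Address(candidate))
    return (a & care) == (c & care)

# Constructed sample prefix list (not from the product documentation).
RULES = [
    Rule(10, "deny", "10.1.0.0/16", ge=24),    # drop /24../32 more-specifics
    Rule(20, "permit", "10.0.0.0/8", le=24),   # accept /8../24 inside 10.0.0.0/8
    Rule(30, "deny", "0.0.0.0/0", le=32),      # explicit catch-all
]
# Same deny rule, but with the broad permit numbered ahead of it.
SHADOWED = [Rule(5, "permit", "10.0.0.0/8", le=24)] + RULES[:1]

if __name__ == "__main__":
    for route in ("10.1.2.0/24", "10.1.0.0/16", "10.2.3.0/25"):
        print(route, evaluate(RULES, route))
    print("shadowed:", evaluate(SHADOWED, "10.1.2.0/24"))
```

The `SHADOWED` list shows why sequence numbers deserve review: a broad permit with a lower Seq matches first, so the narrower deny behind it never takes effect.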