Import Updated SaaS Policy Recommendation
Table of Contents
Expand All
|
Collapse All
Next-Generation Firewall Docs
-
-
- Cloud Management of NGFWs
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1 & Later
- PAN-OS 9.1 (EoL)
-
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1 & Later
-
-
- Cloud Management and AIOps for NGFW
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1
- PAN-OS 11.2
- PAN-OS 8.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 9.1 (EoL)
Import Updated SaaS Policy Recommendation
When a SaaS Security administrator pushes
Security policy rule recommendations to a PAN-OS firewall (or Panorama),
the PAN-OS administrator can import those rules to gain visibility
into and control of the applications in the policy recommendation.
However, if the SaaS administrator updates the rule, for example
by adding or removing applications, the rule also needs to be updated
on the firewall.
If the SaaS Security administrator
pushes new or updated Application Groups, HIP profiles, or tags,
the firewall automatically creates or updates those objects. If
the SaaS Security administrator pushes Security profiles with the
policy recommendation update and those profiles don’t exist on the
firewall, the firewall import fails. If the profiles already exist
on the firewall, the import succeeds.
- Refresh (Check New Updates Available.If the value in the New Updates Available column is No, then there are no updates to the rule. If the value is Yes, then the SaaS administrator has pushed an update to the rule to the firewall. In addition, Active Recommendations shows the value active.Click the Application Group name in the Applications column to see the updated list of applications that the rule controls.Select a policy recommendation to update.You update only one policy recommendation at a time.Click Import Policy Rule to import the policy (if there are no updates to the rule, this option is grayed out and you can’t select it).The Import Policy Rule dialog appears. The Name is already populated and cannot be changed because the rule has already been imported. After Rule also cannot be changed in the dialog, but if you want to change the rule’s location in the Security policy rulebase, you can do that on PoliciesSecurity in the same way that you change the position of any Security policy rule. You can change the Description or leave it as-is.Click OK.Click Yes in Confirm Change to import the updated rule (or click No if you don’t want to import the changed rule).The firewall automatically makes any changes to the Application Group, HIP profiles, and tags associated with the rule.