Enforce Policy Rule Description, Tag, and Audit Comment
Require that a description, tag or audit comment be entered
when creating or editing a policy rule.
When creating or modifying rules, you can
require a rule description, tag, and audit comment to ensure your
policy rulebase is correctly organized and grouped, and to preserve
important rule history for auditing purposes. By requiring a rule
description, tag, and audit comment, you can simplify your policy
rulebase review by ensuring that rules are appropriately grouped,
and that the rule change history is tracked when creating or modifying
a rule. For uniformity, you can set specific requirements for what
the audit comment can include.
By default, enforcement of a description, tag, and audit comment is not enabled. You can specify
whether a description, tag, audit comment, or any combination of these three is
required to successfully add or modify a rule. The audit comment archive allows you
to view the audit comments entered for a selected rule, review the configuration log
history, and compare rule configuration versions.
The audit comment history includes all the comments entered for a selected policy
rule, including audit comments entered for earlier policy rules that had the
same name.
- Launch the Web Interface.
- Select Device > Setup > Management and edit the Policy Rulebase Settings.
- Configure the settings you want to enforce. In this example, tags and audit comments are required for all policies.
  Enforce audit comments for policy rules to capture the reason an administrator creates or modifies a rule. Requiring audit comments on policy rules helps maintain an accurate rule history for auditing purposes.
- Configure the Audit Comment Regular Expression to specify the audit comment format.
  When administrators create or modify a rule, you can require that their audit comments adhere to a specific format that fits your business and auditing needs by specifying letter and number expressions. For example, you can use this setting to specify regular expressions that match your ticketing number formats:
  - [0-9]{<Number of digits>}: Requires the audit comment to contain a minimum number of digits that range from 0 to 9. For example, [0-9]{6} requires a minimum of six digits in a numerical expression with numbers 0 to 9.
  - <Letter Expression>: Requires the audit comment to contain a letter expression. For example, Reason for Change- requires that the administrator begin the audit comment with this letter expression.
  - <Letter Expression>-[0-9]{<Number of digits>}: Requires the audit comment to contain a predetermined character followed by a minimum number of digits that range from 0 to 9. For example, SB-[0-9]{6} requires the audit comment format to begin with SB-, followed by a minimum of six digits in a numerical expression with values from 0 to 9. For example, SB-012345.
  - (<Letter Expression>|<Letter Expression>|<Letter Expression>)-[0-9]{<Number of digits>}: Requires the audit comment to contain a prefix using any one of the predetermined letter expressions with a minimum number of digits that range from 0 to 9. For example, (SB|XY|PN)-[0-9]{6} requires the audit comment format to begin with SB-, XY-, or PN- followed by a minimum of six digits in a numerical expression with values from 0 to 9. For example, SB-012345, XY-654321, or PN-012543.
- Click OK to apply the new policy rulebase settings.
- Commit the changes.
- After you commit the policy rulebase settings changes, modify the existing policy rule based on the rulebase settings you decided to enforce.
- Verify that the firewall is enforcing the new policy rulebase settings.
  - Select Policies and Add a new rule.
  - Confirm that you must add a tag and enter an audit comment before you can click OK.
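To see which comments a ticket-format expression would admit before you enforce it, the following added example (not Palo Alto Networks code) runs this page's example expressions over constructed sample comments in Python. The page does not state whether the firewall looks for the expression anywhere in the comment or matches the whole comment, so the script reports both; Python's regex engine, the sample comments, and the function names are assumptions.

```python
import re

# Expressions taken from the examples on this page.
PATTERNS = {
    "digits": r"[0-9]{6}",
    "prefix": r"SB-[0-9]{6}",
    "multi_prefix": r"(SB|XY|PN)-[0-9]{6}",
}

# Constructed sample audit comments (not from any real rulebase).
SAMPLES = [
    "SB-012345",
    "XY-654321 allow vendor VPN",
    "PN-0125",                # too few digits
    "sb-012345",              # lowercase prefix
    "temp rule, no ticket",   # no ticket reference at all
    "ASB-0123456789",         # extra characters around a ticket-like ID
]

def evaluate(pattern, comment):
    """Return (contains, exact) for one comment.

    contains: the pattern occurs somewhere in the comment (re.search).
    exact:    the comment is the pattern and nothing else (re.fullmatch).
    """
    rx = re.compile(pattern)
    return (rx.search(comment) is not None, rx.fullmatch(comment) is not None)

def report(pattern, samples=SAMPLES):
    """Map each sample comment to its (contains, exact) result."""
    return {c: evaluate(pattern, c) for c in samples}

def loosely_accepted(pattern, samples=SAMPLES):
    """Comments that pass only when the pattern may match a substring.
    Review these before enforcing the expression."""
    return [c for c, (contains, exact) in report(pattern, samples).items()
            if contains and not exact]

if __name__ == "__main__":
    for name, pat in PATTERNS.items():
        print(f"{name}: {pat}")
        for comment, (contains, exact) in report(pat).items():
            print(f"  {comment!r:32} contains={contains} exact={exact}")
        print("  accepted only as substring:", loosely_accepted(pat))
```

Comments listed under "accepted only as substring" show how permissive an expression is when it only has to appear somewhere in the comment; [0-9]{6} alone, for instance, is satisfied by any comment that carries six consecutive digits, whatever the prefix.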