Network Security
Create, Apply, and Modify Tags
Table of Contents
Create, Apply, and Modify Tags
Tag objects to group related items and add color to the tag in order to visually
distinguish them for easy scanning.
You can tag objects to group related items and add color to the tag in order to
visually distinguish them for easy scanning. You can create tags for the following
objects: address objects, address groups, user groups, zones, service groups, and
security rules.
Both static tags and dynamic tags are supported. Dynamic tags are registered from a
variety of sources and are not displayed with the static tags because dynamic tags
are not part of the configuration. See Register IP Addresses and Tags Dynamically for information on registering tags
dynamically. The tags discussed in this section are statically added and are part of
the configuration.
You can apply one or more tags to objects and to security rules, up to a maximum of 64
tags per object. Panorama supports a maximum of 10,000 tags, which you can apportion
across Panorama (shared and device groups) and the managed devices (including
devices with multiple virtual systems).
Use tags to identify the purpose of a rule or configuration object and to help you
better organize your rulebase. To ensure that security rules are properly tagged, see
how to Enforce Security Rule Description, Tag, and Audit Comment. Additionally, you can View Rules by Tag Group (Panorama only) by first
creating and then setting the tag as the Group tag.
Create, Apply, and Modify Tags (Strata Cloud Manager)
Use tags to identify the purpose of a rule or configuration object and to help you
better organize your rulebase.
- Create and apply tags.To tag a zone, you must create a tag with the same name as the zone. When the zone is attached in security rules, the tag color automatically displays as the background color against the zone name.
- Select .Add Tag and enter a Name to identify the tag. The maximum length is 127 characters.(Optional) Assign a Color from the 38 predefined colors. By default, Color is None.Select Save and Push Config to save your changes.Apply tags to policy.
- Select and any rulebase under it.Add the Tag object you created in Step 1 to your security rule.Verify that the tags are in use.Apply tags to an address object, address group, service, or service group.
Create, Apply, and Modify Tags (PAN-OS & Panorama)
Use tags to identify the purpose of a rule or configuration object and to help you better organize your rulebase.- Create and apply tags.To tag a zone, you must create a tag with the same name as the zone. When the zone is attached in security rules, the tag color automatically displays as the background color against the zone name.
- Select .On Panorama or a multiple virtual system firewall, select the Device Group or the Virtual System to make the tag available.Add a tag and enter a Name to identify the tag or select a zone Name to create a tag for a zone. The maximum length is 127 characters.(Optional) Select Shared to create the object in a shared location for access as a shared object in Panorama or for use across all virtual systems in a multiple virtual system firewall.(Optional) Assign a Color from the 17 predefined colors. By default, Color is None.
![]()
Click OK and Commit to save your changes.Apply tags to policy.- Select Policies and any rulebase under it.Add a security rule and use the tagged objects you created in Step 1.Verify that the tags are in use.
![]()
Apply tags to an address object, address group, service, or service group.
