Policy Rulebase Management Using Tags
Create and assign tags to policy rules in your policy rulebase to visually group
rules and perform operations on groups of policy rules.
Tags allow you to identify the purpose or function of a policy rule and help you
better organize your policy rulebase. PAN-OS 10.2.5 introduces the ability to
visually group and manage your policy rulebase using the assigned tags from the
Tag Browser. When viewing your policy
rulebase using tags, you can more easily perform operations such as adding, deleting,
or moving the rules with the applied tag. Viewing your policy rulebase
using tags maintains the rule evaluation order.
For firewalls managed by a Panorama management server, you can create and assign tags
to policy rules from Panorama. Panorama, managed firewalls, and standalone
firewalls running PAN-OS 10.2.5 or a later 10.2 release all support policy rulebase
management using tags. Policy rulebase management using tags is supported for all
policy types.
- Log in to the Panorama or firewall web interface.
- Create your policy rulebase.
  - Create a Security Policy Rule
  - Create a Network Address Translation (NAT) Policy Rule
  - Create a Quality of Service (QoS) Policy Rule
  - Create a Policy Based Forwarding (PBF) Policy Rule
  - Create a Decryption Policy Rule
  - Create an Application Override Policy Rule
  - Create an Authentication Policy Rule
  - Create a Denial-of-Service (DoS) Policy Rule
- Create and apply tags to the policy rules you created. You must apply tags to the policy rule Tag field and not the Group Rules by Tag field.
- Select Policies and change the policy rulebase view from the Default View to Rulebase by Tags. On the left-hand side, the Tag Browser is displayed. It shows all tags applied to rules in the policy rulebase, the number of policy rules with each tag applied, and the Rule Number indicating the rule order of all policy rules in the policy rulebase with that tag applied.
- Select the Tag Browser display settings.
  - (Optional) Use the search bar to search for a specific tag.
  - Keep enabled or disable Filter by first tag in rule. When enabled, the Tag Browser displays the Rule Count and Rule Number data based on the first tag applied to each policy rule when multiple tags are applied. When disabled, the Tag Browser displays total Rule Count and Rule Number data when multiple tags are applied to your policy rules.
  - Select how to order tags in the Tag Browser.
    - Rule Order: Order the policy rule tag data in the Tag Browser based on how policy rules are ordered in the policy rulebase. This may mean that a tag applied to multiple policy rules will display multiple times in the Tag Browser if the tagged policy rules are dispersed throughout the policy rulebase.
    - Alphabetical: Order the policy rule tag data in the Tag Browser based on the alphabetical order of applied tags.
- Apply or remove tags from the Tag Browser. The Tag Browser allows you to both apply a tag to policy rules within the policy rulebase, and remove a tag from all policy rules where the tag is currently applied.
  - Apply a tag from the Tag Browser. You can also drag and drop tags you want to apply from the Tag Browser to the policy rule you want to apply them to.
    - In the policy rulebase, select one or more policy rules that you want to apply a tag to.
    - In the Tag Browser Tag (Rule Count) column, select one or more tags you want to apply to the selected policy rules.
    - Expand the tag options and Apply Tag to the Selection(s). Review which tags you are applying to the selected policy rules and click Yes to apply the tags.
  - Remove tags from the Tag Browser
    - In the Tag Browser Rule Number column, expand the tag options and Untag Rule(s).
    - A confirmation window is displayed to confirm you want to untag your policy rules. You can remove the tags from only the selected policy rules or check Untag all the rules with the selected tag to remove the tag from all policy rules with the tag.
    - Click Yes to untag all policy rules that have the selected tag applied.
- Move tagged rules within your policy rulebase. You can use the Tag Browser to move multiple tagged rules at once to change the policy rulebase hierarchy as needed.
  - Select the Rule Order Tag Browser display setting.
  - In the Tag Browser Rule Number column, expand the tag options and Move Rule(s). Alternatively, you can drag and drop rules to reorder them in the policy rulebase.
  - Select the tag around which you want to move the rules.
  - Move Before or Move After as needed.
- Add a new policy rule from the Tag Browser. You can add a new policy rule with tags already assigned directly from the Tag Browser. The new policy rule is added as the lowest rule in the rule order based on the selected tag.
  - Select the Rule Order Tag Browser display setting.
  - In the Tag Browser Rule Number column, expand the tag options and Add New Rule and configure the policy rule as needed.
- Filter the policy rulebase using a tag. In the Tag Browser Rule Number column, expand the tag options and Filter the policy rulebase. This allows you to apply one or more tag search filters to the policy rulebase to narrow down the list of policy rules displayed.
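
The following is an added example, not Palo Alto Networks code: a small offline model of the Tag Browser counting and ordering described in the display-settings step, plus a check for rules that set only Group Rules by Tag instead of the Tag field. The XML layout (`entry`, `tag/member`, `group-tag`), the rule and tag names, and the choice to list untagged rules as their own group are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from collections import Counter
from itertools import groupby

# Constructed sample; element layout is assumed to match an exported rulebase.
SAMPLE = """
<rules>
  <entry name="allow-dns"><tag><member>infra</member></tag></entry>
  <entry name="allow-ntp"><tag><member>infra</member><member>audit</member></tag></entry>
  <entry name="web-out"><tag><member>users</member></tag></entry>
  <entry name="legacy-ftp"><group-tag>infra</group-tag></entry>
  <entry name="allow-ldap"><tag><member>infra</member></tag></entry>
</rules>
"""

def load_rules(xml_text):
    """Return (rule_number, name, tags, group_tag) tuples in evaluation order."""
    rules = []
    entries = ET.fromstring(xml_text.strip()).findall("entry")
    for number, entry in enumerate(entries, start=1):
        tags = [m.text for m in entry.findall("tag/member")]
        rules.append((number, entry.get("name"), tags, entry.findtext("group-tag")))
    return rules

def rule_order_view(rules):
    """Group consecutive rules by first tag; a dispersed tag shows up more than once."""
    keyed = [(tags[0] if tags else None, number) for number, _, tags, _ in rules]
    return [(tag, [n for _, n in run]) for tag, run in groupby(keyed, key=lambda k: k[0])]

def alphabetical_view(rules, first_tag_only=True):
    """Rule count per tag, sorted by name; first_tag_only mirrors 'Filter by first tag in rule'."""
    counts = Counter()
    for _, _, tags, _ in rules:
        counts.update(tags[:1] if first_tag_only else tags)
    return sorted(counts.items())

def group_tag_only(rules):
    """Rules that set only Group Rules by Tag, so no entry in the Tag field."""
    return [name for _, name, tags, group in rules if group and not tags]

if __name__ == "__main__":
    rules = load_rules(SAMPLE)
    print(rule_order_view(rules))
    print(alphabetical_view(rules, first_tag_only=False))
    print(group_tag_only(rules))
```

In the sample, `infra` appears twice in the rule-order view because rules 3 and 4 separate its tagged rules, which is the dispersed case the Rule Order setting describes.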