Manage Device-ID
Ensure your policy rule recommendations and device objects are current and delete
imported rules when they're no longer needed.
Perform the following tasks as needed to ensure your policy rule recommendations and device
objects are current.
- Update your policy rule recommendations as necessary.
  As IoT devices gain new capabilities, IoT Security updates its policy rule recommendations to advise what additional traffic or protocols firewalls should allow. Periodically check policy rule recommendations for profiles with recommendations you've previously imported (Device or Panorama > Policy Recommendation > IoT). If there are additional ones without an entry in the Imported To column, they haven't been imported to the rulebase yet. Assess your security needs and consider importing these recommendations to the Security policy rulebase as described in Configure Device-ID.
- Review, update, and maintain the device objects in the Device Dictionary.
  You must create device objects for any devices that do not have an IoT Security policy rule recommendation. For example, you cannot secure traditional IT devices such as laptops and smartphones using IoT Security policy rule recommendations, so you must create device objects for these types of devices and use them in your Security policy rules to secure these devices.
  - Select Objects > Devices.
  - Add a device object.
  - Browse the list or Search using keywords.
    The search results can include multiple types of device object attributes (for example, both Category and Profile).
  - To add a custom device object, enter a Name and optionally a Description for the device object.
    Always use a unique name for each device object. Do not change the tags in the description for device objects from policy rule recommendations.
  - (Panorama only) Select the Shared option to make this device object available to other device groups.
  - Select the attributes for the device object (Category, OS, Profile, Osfamily, Model, and Vendor).
  - Click OK to confirm your changes.
- Delete any policy rule recommendations that are no longer needed.
  If imported policy rules are no longer needed, you can remove them from the rulebase.
  - Select Policies > Security. For Panorama, select Policies > Security > Pre-Rules/Post-Rules.
  - Select the rules you want to remove from the rulebase and then Delete them.
  - Commit your changes.
    When you look at policy rule recommendations after deleting their corresponding rules from the rulebase, note that the Imported To column is now empty for them.
- Use CLI commands to troubleshoot any issues between the firewall and IoT Security.