A policy object is a single object or a collective unit that groups discrete identities such as IP addresses, URLs, applications, or users. With policy objects that are a collective unit, you can reference the object in security policy instead of manually selecting multiple objects one at a time. Typically, when creating a policy object, you group objects that require similar permissions in policy. For example, if your organization uses a set of server IP addresses for authenticating users, you can group the set of server IP addresses as an address group policy object and reference the address group in the security policy. By grouping objects, you can significantly reduce the administrative overhead in creating policies.
You can create the following policy objects on the firewall:
Address/Address Group, Region
Allow you to group specific source or destination addresses that require the same policy enforcement. The address object can include an IPv4 or IPv6 address (single IP, range, subnet) or the FQDN. Alternatively, a region can be defined by the latitude and longitude coordinates or you can select a country and define an IP address or IP range. You can then group a collection of address objects to create an address group object.
You can also use dynamic address groups to dynamically update IP addresses in environments where host IP addresses change frequently.
The predefined External Dynamic Lists (EDLs) on the firewall count toward the maximum number of address objects that a firewall model supports.
Allow you to create a list of users from the local database or an external database and group them.
Application Group and Application Filter
An Application Filter allows you to filter applications dynamically. It lets you filter and save a group of applications using the attributes defined in the application database on the firewall. For example, you can create an application filter by one or more attributes: category, sub-category, technology, risk, and characteristics. With an application filter, when a content update occurs, any new applications that match your filter criteria are automatically added to your saved application filter.
An Application Group allows you to create a static group of specific applications that you want to group together for a group of users or for a particular service, or to achieve a particular policy goal. See Create an Application Group.
Allows you to specify the source and destination ports and protocol that a service can use. The firewall includes two pre-defined services, service-http and service-https, that use TCP ports 80 and 8080 for HTTP, and TCP port 443 for HTTPS. You can, however, create any custom service on any TCP/UDP port of your choice to restrict application usage to specific ports on your network (in other words, you can define the default port for the application).
To view the standard ports used by an application, in Objects > Applications search for the application and click the link. A succinct description displays.
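The difference between an Application Filter (dynamic) and an Application Group (static) described above can be modeled as follows. This is an added illustration, not PAN-OS code or its API: the class names, the `added_by_update` helper, the application names, and the attribute values are all constructed, and the matching rule (any listed value within an attribute, all attributes together) is an assumption of the model.

```python
# Illustrative model only: not PAN-OS code or its API. Application names and
# attribute values below are constructed sample data.
from dataclasses import dataclass

@dataclass(frozen=True)
class App:
    name: str
    category: str
    subcategory: str
    technology: str
    risk: int

class ApplicationGroup:
    """Static membership: changes only when an administrator edits it."""
    def __init__(self, names):
        self.names = frozenset(names)
    def members(self, app_db):
        return {a.name for a in app_db if a.name in self.names}

class ApplicationFilter:
    """Dynamic membership: re-evaluated against the application database."""
    def __init__(self, **criteria):
        # Each criterion maps an attribute name to the set of accepted values.
        self.criteria = {k: set(v) for k, v in criteria.items()}
    def members(self, app_db):
        # Assumed rule: OR within one attribute, AND across attributes.
        return {a.name for a in app_db
                if all(getattr(a, k) in v for k, v in self.criteria.items())}

def added_by_update(obj, before, after):
    """Applications a policy object newly matches after a content update."""
    return obj.members(after) - obj.members(before)

# Constructed application database before and after a content update.
DB_V1 = [
    App("sample-share-a", "general-internet", "file-sharing", "client-server", 4),
    App("sample-share-b", "general-internet", "file-sharing", "peer-to-peer", 5),
    App("sample-mail", "collaboration", "email", "client-server", 2),
]
DB_V2 = DB_V1 + [
    App("sample-share-new", "general-internet", "file-sharing", "browser-based", 5),
]

risky_sharing = ApplicationFilter(subcategory={"file-sharing"}, risk={4, 5})
pinned_sharing = ApplicationGroup(["sample-share-a", "sample-share-b"])

if __name__ == "__main__":
    print("filter gained:", added_by_update(risky_sharing, DB_V1, DB_V2))
    print("group gained: ", added_by_update(pinned_sharing, DB_V1, DB_V2))
```

Comparing membership before and after a content update shows which applications a rule that references a filter newly covers, while a rule that references a static group stays unchanged until the group is edited.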