Use the Tag Browser
The tag browser provides a way to view all the tags used within a rulebase. In rulebases with a large number of rules, the tag browser simplifies the display by presenting the tags, the color code, and the rule numbers in which the tags are used.
It also allows you to group rules using the first tag applied to the rule. As a best practice, use the first tag to identify the primary purpose for a rule. For example, the first tag can identify a rule by a high-level function such as best practice, or internet access or IT sanctioned applications or high-risk applications. In the tag browser, when you Filter by first tag in rule, you can easily identify gaps in coverage and move rules or add new rules within the rulebase. All the changes are saved to the candidate configuration until you commit the changes on the firewall and make them a part of the running configuration.
For firewalls that are managed by Panorama, the tags applied to pre-rules and post-rules that have been pushed from Panorama, display in a green background and are demarcated with green lines so that you can identify these tags from the local tags on the firewall.
- Explore the tag browser.
- Access the Tag Browser on the left pane of the Policies tab. The tag browser displays the tags that have been used in the rules for the selected rulebase, for example PoliciesSecurity.
- Tag (#)—Displays the label and the rule number or range of numbers in which the tag is used contiguously. Hover over the label to see the location where the rule was defined, it can be inherited from a shared location, a device group, or a virtual system.
- Rule—Lists the rule number or range of numbers associated with the tags.
- Sort the tags.
- Filter by first tag in rule—Sorts rules using the first tag applied to each rule in the rulebase. This view is particularly useful if you want to narrow the list and view related rules that might be spread around the rulebase. For example if the first tag in each rule denotes its function—best practices, administration, web-access, data center access, proxy—you can narrow the result and scan the rules based on function.
- Rule Order—Sorts the tags in the order of appearance within the selected rulebase. When displayed in order of appearance, tags used in contiguous rules are grouped. The rule number with which the tag is associated is displayed along with the tag name.
- Alphabetical—Sorts the tags in alphabetical order within the selected rulebase. The display lists the tag name and color (if a color is assigned) and the number of times it is used within the rulebase.The label None represents rules without any tags; it does not display rule numbers for untagged rules. When you select None, the right pane is filtered to display rules that have no tags assigned to them.
- Clear—Clears the filter on the currently selected tags in the search bar.
- Search bar—To search for a tag, enter the term and click the green arrow icon to apply the filter. It also displays the total number of tags in the rulebase and the number of selected tags.
- Expand or collapse the tag browser.
- Tag a rule.
- Select a rule on the right pane.
- Do one of the following:
- Select a tag in the tag browser and select Apply the Tag to the Selection(s) from the drop-down.
- Drag and drop tag(s) from the tag browser on to the Tags column of the rule. When you drop a tag, a confirmation dialog displays.
- Commit the changes.
- View rules that match the selected tags.You can filter rules based on tags with an AND or an OR operator.
Click the apply filter icon in the search bar on the right pane. The results are displayed using an AND operator.
- OR filter: To view rules that have specific tags, select one or more tags in the tag browser; the right pane only displays the rules that include any of the currently selected tags.
- AND filter: To view rules that have all the selected tags, hover over the number associated with the tag in the Rule column of the tag browser and select Filter. Repeat to add more tags.
- View the currently selected tags.To view the currently selected tags, hover over the Clear label in the tag browser.
- Untag a rule.Hover over the rule number associated with a tag in the Rule column of the tag browser and select Untag Rule(s). Confirm that you want to remove the selected tag from the rule. Commit the changes.
- Reorder rules using tags.Select one or more tags and hover over the rule number in the Rule column of the tag browser and select Move Rule(s).Select a tag from the drop-down in the move rule window and select whether you want to Move Before or Move After the tag selected in the drop-down. Commit the changes.
- Add a new rule that applies the selected tags.Select one or more tags and hover over the rule number in the Rule column of the tag browser, and select Add New Rule. Define the rule and Commit the changes.The numerical order of the new rule varies by whether you selected a rule on the right pane. If you did not select a rule on the right pane, the new rule will be added after the rule to which the selected tag(s) belongs. Otherwise, the new rule is added after the selected rule.
- Search for a tag.In the tag browser, enter the first few letters of the tag name you want to search for and click the Apply Filter icon. The tags that match your input will display.
Manage Tags The following table lists the actions that you can perform using the tag browser. Tag a rule. Select a rule on the right ...
Use the Tag Browser
Use the Tag Browser Policies > Rulebase (Security, NAT, QoS...) The tag browser presents a summary of all the tags used within a rulebase (policy ...
Objects > Tags
Objects > Tags Tags allow you to group objects using keywords or phrases. Tags can be applied to address objects, address groups (static and dynamic), ...
Use Tags to Group and Visually Distinguish Objects
Use Tags to Group and Visually Distinguish Objects You can tag objects to group related items and add color to the tag in order to ...
Create Tags Select Objects Tags to create a tag, assign a color, delete, rename, and clone tags. Each object can have up to 64 tags; ...
Use Dynamic Address Groups in Policy
Use Dynamic Address Groups in Policy Dynamic address groups are used in policy. They allow you to create policy that automatically adapts to changes—adds, moves, ...
Create and Apply Tags
Create and Apply Tags Create tags. To tag a zone, you must create a tag with the same name as the zone. When the zone ...
Modify Tags Select Objects Tags to perform any of the following operations with tags: Click the link in the Name column to edit the properties ...
Dynamically Quarantine Infected Guests
Dynamically Quarantine Infected Guests Threat and traffic logs in PAN-OS include the source or destination universally unique identifier (UUID) of guest VMs in your NSX ...