End-of-Life (EoL)
Universally Unique Identifiers for Policy Rules
Universally unique identifiers (UUIDs) for policy rules are permanent attributes that you can use to track the history of changes to a rule, such as when it was last modified and who made the most recent change to the rule, so that if you change the rule’s name or delete it, you can still track the rule across multiple rulebases. Using the UUID to search for a rule enables you to highlight the specific rule you want to find among thousands of rules, which may have similar or identical names. UUIDs also simplify automation and integration for rules in third-party systems (such as ticketing or orchestration) that do not support names.
Rule UUIDs standardize tracking for policy modifications, making it easier to demonstrate compliance with regulatory requirements. For example, you can include the UUIDs when you export the rulebase to a PDF or CSV file for internal reviews or audits. Including the UUID in reports makes it easier to track a rule, even after you change the name of the rule. You can also use the UUID to query the rule in the logs, which helps to create an audit trail.
Filtering by the rule UUID makes it easier to pinpoint the specific rule you want to locate, even among many similarly-named rules. If your ruleset is very large and contains many rules, using the rule UUID as a filter highlights the particular rule you need to find without having to navigate through pages of results.
- Upgrade existing policy rules to include UUIDs.
  - For standalone firewalls, upgrade to a PAN-OS 9.0 release to automatically generate UUIDs for all existing policy rules.
  - For firewalls managed by Panorama, you must upgrade Panorama to PAN-OS 9.0 to automatically generate the UUIDs on Panorama and then push the policy rulebases with the UUIDs to the managed firewalls before you upgrade the firewalls. If you do not push the policy rulebases with the UUIDs to the managed firewalls before you upgrade them, the upgrade will not proceed.
    In Panorama, because the UUIDs are generated on a per-rule basis, all firewalls in the policy target receive a set of centralized rules from Panorama that are synced across HA firewalls. As a result, rules pushed from Panorama and all target devices for the policy rule will have the same UUID; however, if you create a rule locally on the firewall after you push the rules from Panorama to the firewalls, the rule you created locally will have its own UUID.
- Display the UUIDs.
  You can use UUIDs to identify applicable rules for the following log types: Traffic, Threat, URL Filtering, WildFire Submission, Data Filtering, GTP, SCTP, Tunnel Inspection, Configuration, and Unified.
  - To display the UUID in logs:
    - Select Monitor, then expand the column header.
    - Select Columns.
    - Select Rule UUID.
  - To display UUIDs on the policy rulebase:
    - Select Policies, then expand the column header.
    - Select Columns.
    - Select UUID.
      UUIDs are available for all policy rulebases.
  You can now view the UUID associated with the rule, which allows you to match the rule UUID with policies and logs.
- (Optional) Monitor activity for the rule in the ACC.
  To apply the UUID as a filter in the ACC, you must copy and paste the UUID.
  - Select the Monitor tab to view the UUIDs for the rule that allows or denies the traffic that generated the log.
  - Copy the UUID for the rule that allowed or denied the traffic on the firewall.
    - Select the ellipses that display when you move your cursor over the entry in the Rule UUID column.
    - Copy the UUID from the pop-up.
    Alternatively, you can go to the Policies tab, expand the rule name, and Copy UUID.
  - Add a Rule UUID global filter to the Application Command Center (ACC) for the rule.
    - Select the ACC tab.
    - Add a filter to the list of Global Filters.
    - Select Rule > Rule UUID.
    - Paste the UUID to filter your results.
  You can now see activity for the rule UUID in the ACC, making it easier to monitor events related to that rule.
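The audit-trail use described above, as an added example that is not part of the original documentation: a Python script that groups exported log rows by rule UUID to follow one rule across a rename and to flag rule names that are shared by different rules. The CSV column names and the sample rows are constructed assumptions, not values taken from PAN-OS output.

```python
import csv
import io
from collections import defaultdict

# Constructed sample of a log CSV export, oldest row first. The column
# names ("Receive Time", "Rule", "Rule UUID", "Action") are assumptions;
# match them to the headers in your own export.
SAMPLE_LOG_CSV = """\
Receive Time,Rule,Rule UUID,Action
2019/03/01 10:00:00,allow-web,11111111-aaaa-4bbb-8ccc-000000000001,allow
2019/03/01 10:05:00,allow-web,22222222-aaaa-4bbb-8ccc-000000000002,allow
2019/03/02 09:00:00,allow-web-dmz,11111111-aaaa-4bbb-8ccc-000000000001,allow
2019/03/02 09:30:00,block-legacy,33333333-aaaa-4bbb-8ccc-000000000003,deny
"""


def audit_rules(csv_text):
    """Group log rows by Rule UUID; report renames and name collisions."""
    by_uuid = defaultdict(lambda: {"names": [], "hits": 0})
    by_name = defaultdict(set)
    for row in csv.DictReader(io.StringIO(csv_text)):
        uuid, name = row["Rule UUID"].strip().lower(), row["Rule"].strip()
        entry = by_uuid[uuid]
        entry["hits"] += 1
        if name not in entry["names"]:
            entry["names"].append(name)  # names in the order first seen
        by_name[name].add(uuid)
    # One UUID seen under several names: the rule was renamed.
    renamed = {u: e["names"] for u, e in by_uuid.items() if len(e["names"]) > 1}
    # One name seen with several UUIDs: the name alone is ambiguous.
    ambiguous = {n: sorted(u) for n, u in by_name.items() if len(u) > 1}
    return dict(by_uuid), renamed, ambiguous


def rows_for_uuid(csv_text, rule_uuid):
    """Return every log row for one rule, whatever its name was at the time."""
    wanted = rule_uuid.strip().lower()
    return [r for r in csv.DictReader(io.StringIO(csv_text))
            if r["Rule UUID"].strip().lower() == wanted]


if __name__ == "__main__":
    rules, renamed, ambiguous = audit_rules(SAMPLE_LOG_CSV)
    for uuid, names in renamed.items():
        print(f"{uuid} logged under several names: {' -> '.join(names)}")
    for name, uuids in ambiguous.items():
        print(f"name '{name}' is shared by {len(uuids)} rule UUIDs")
```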