Universally Unique Identifiers for Policy Rules

Universally unique identifiers (UUIDs) for policy rules are permanent attributes that you can use to track the history of changes to a rule, such as when it was last modified and who made the most recent change to the rule, so that if you change the rule’s name or delete it, you can still track the rule across multiple rulebases. Using the UUID to search for a rule enables you to highlight the specific rule you want to find among thousands of rules, which may have similar or identical names. UUIDs also simplify automation and integration for rules in third-party systems (such as ticketing or orchestration) that do not support names.
Rule UUIDs standardize tracking for policy modifications, making it easier to demonstrate compliance with regulatory requirements. For example, you can include the UUIDs when you export the rulebase to a PDF or CSV file for internal reviews or audits. Including the UUID in reports makes it easier to track a rule, even after you change the name of the rule. You can also use the UUID to query the rule in the logs, which helps to create an audit trail.
Filtering by the rule UUID makes it easier to pinpoint the specific rule you want to locate, even among many similarly-named rules. If your ruleset is very large and contains many rules, using the rule UUID as a filter highlights the particular rule you need to find without having to navigate through pages of results.
  1. Upgrade existing policy rules to include UUIDs.
    • For standalone firewalls, upgrade to a PAN-OS 9.0 release to automatically generate UUIDs for all existing policy rules.
    • For firewalls managed by Panorama, you must upgrade Panorama to PAN-OS 9.0 to automatically generate the UUIDs on Panorama and then push the policy rulebases with the UUIDs to the managed firewalls before you upgrade the firewalls. If you do not push the policy rulebases with the UUIDs to the managed firewalls before you upgrade them, the upgrade will not proceed.
      In Panorama, because the UUIDs are generated on a per-rule basis, all firewalls in the policy target receive a set of centralized rules from Panorama that are synced across HA firewalls. As a result, rules pushed from Panorama and all target devices for the policy rule will have the same UUID; however, if you create a rule locally on the firewall after you push the rules from Panorama to the firewalls, the rule you created locally will have its own UUID.
  2. Display the UUIDs.
    You can use UUIDs to identify applicable rules for the following log types: Traffic, Threat, URL Filtering, WildFire Submission, Data Filtering, GTP, SCTP, Tunnel Inspection, Configuration, and Unified.
    • To display the UUID in logs:
      1. Select Monitor, then expand the column header ( column-arrow.png ).
      2. Select Columns.
      3. Select Rule UUID.
        column-rule-uuid.png
    • To display UUIDs on the policy rulebase:
      1. Select Policies, then expand the column header ( column-arrow.png ).
      2. Select Columns.
      3. Select UUID.
        UUIDs are available for all policy rulebases.
        column-uuid.png
    You can now view the UUID associated with the rule, which allows you to match the rule UUID with polices and logs.
  3. (Optional) Monitor activity for the rule in the ACC.
    To apply the UUID as a filter in the ACC, you must copy and paste the UUID.
    1. Select the Monitor tab to view the UUIDs for the rule that allows or denies the traffic that generated the log.
      copy-rule-uuid-query-builder.png
    2. Copy the UUID for the rule that allowed or denied the traffic on the firewall.
      1. Select the ellipses that display when you move your cursor over the entry in the Rule UUID column.
        copy-rule-uuid-ellipses.png
      2. Copy the UUID from the pop-up.
        copy-rule-uuid-pop-up.png
      Alternatively, you can go to the Policies tab, expand the rule name, and Copy UUID.
      policies-copy-uuid.png
    3. Add a Rule UUID global filter to the Application Command Center (ACC) for the rule.
      1. Select the ACC tab.
      2. Add ( add_icon.png ) a filter to the list of Global Filters.
      3. Select RuleRule UUID.
        acc-rule-rule-uuid.png
      4. Paste the UUID to filter your results.
      You can now see activity for the rule UUID in the ACC, making it easier to monitor events related to that rule.

Related Documentation