To use Panorama effectively, you have to group the firewalls
in your network into logical units called device groups.
A device group enables grouping based on network segmentation, geographic
location, organizational function, or any other common aspect of
firewalls that require similar policy configurations. Using device
groups, you can configure policy rules and the objects they reference.
You can organize device group hierarchically, with shared rules
and objects at the top, and device group-specific rules and objects
at subsequent levels. This enables you to create a hierarchy of
rules that enforce how firewalls handle traffic. For example, you
can define a set of shared rules as a corporate acceptable use policy.
Then, to allow only regional offices to access peer-to-peer traffic
such as BitTorrent, you can define a device group rule that Panorama
pushes only to the regional offices (or define a shared security rule
and target it to the regional offices). For the relevant procedures,
see Manage Device Groups. The following topics describe device group concepts and components
in more detail: