In Use Case: Configure Firewalls Using Panorama, we need to define two device groups based on the functions the firewalls will perform:
  • DG_BranchAndRegional for grouping firewalls that serve as the security gateways at the branch offices and at the regional head offices. We placed the branch office firewalls and the regional office firewalls in the same device group because firewalls with similar functions will require similar policy rulebases.
  • DG_DataCenter for grouping the firewalls that secure the servers at the data centers.
We can then administer shared policy rules across both device groups as well as distinct device group rules for the regional office and branch office groups. For added flexibility, the local administrator at a regional or branch office can create local rules that match specific source, destination, and service flows for accessing applications and services that are required for that office. In this example, we create the following hierarchy for security rules. You can use a similar approach for any of the other rulebases.
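The layering described above can be modeled in Python. This is an added example, not part of the Panorama documentation. It assumes the evaluation order shared pre-rules, device group pre-rules, local rules, device group post-rules, shared post-rules; every rule, zone and application is constructed, and only the device group names come from this page.

```python
# Added illustration: how shared, device group and local security rules combine
# on one firewall. All rules below are constructed sample data.
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    src: str      # source zone, or "any"
    dst: str      # destination zone, or "any"
    app: str      # application, or "any"
    action: str   # "allow" or "deny"

    def matches(self, src, dst, app):
        return all(want in ("any", got) for want, got in
                   ((self.src, src), (self.dst, dst), (self.app, app)))

SHARED_PRE = [Rule("block-telnet", "any", "any", "telnet", "deny")]
SHARED_POST = [Rule("deny-all-log", "any", "any", "any", "deny")]
DG_PRE = {
    "DG_BranchAndRegional": [Rule("users-web", "trust", "untrust", "web-browsing", "allow")],
    "DG_DataCenter": [Rule("app-to-db", "app", "db", "mysql", "allow")],
}
DG_POST = {"DG_BranchAndRegional": [], "DG_DataCenter": []}

def effective_rulebase(device_group, local_rules):
    """Assumed order: shared pre, device group pre, local, device group post, shared post."""
    layers = [("shared-pre", SHARED_PRE), (device_group + "-pre", DG_PRE[device_group]),
              ("local", local_rules), (device_group + "-post", DG_POST[device_group]),
              ("shared-post", SHARED_POST)]
    return [(scope, rule) for scope, rules in layers for rule in rules]

def evaluate(device_group, local_rules, src, dst, app):
    """First match wins; returns (scope, rule name, action)."""
    for scope, rule in effective_rulebase(device_group, local_rules):
        if rule.matches(src, dst, app):
            return scope, rule.name, rule.action
    return None  # would fall through to the firewall's default rules (not modeled)

def shadowed_local_rules(device_group, local_rules):
    """Local rules that can never fire because a pushed pre-rule fully covers them."""
    pre = SHARED_PRE + DG_PRE[device_group]
    return [r.name for r in local_rules
            if any(p.matches(r.src, r.dst, r.app) for p in pre)]

# Constructed local rules a branch office administrator might add.
BRANCH_LOCAL = [Rule("branch-printing", "trust", "printers", "ipp", "allow"),
                Rule("legacy-telnet", "trust", "untrust", "telnet", "allow")]
```

Under the assumed order, the local `legacy-telnet` rule never takes effect because the shared pre-rule matches first, which is the kind of shadowing worth auditing before delegating local rule creation.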
