Strata Cloud Manager

Configuration: Objects

Use objects in Strata Cloud Manager to build shared policy for your NGFWs and Prisma Access.
Where Can I Use This?
  • Prisma Access
    (with Strata Cloud Manager or Panorama configuration management)
  • NGFWs
    (with Strata Cloud Manager or Panorama configuration management)
  • AI Runtime Security
What Do I Need?
  • At least one of these licenses is needed to manage your configuration with Strata Cloud Manager; for unified management of NGFWs and Prisma Access, you'll need both:
    • AIOps for NGFW Premium license (use the Strata Cloud Manager app)
  • AI Runtime Security Licenses (BYOL)
  • AI Runtime Security Deployment Profile
Go to Configuration > NGFW and Prisma Access > Objects to get started with policy objects.
Objects are policy building blocks that group discrete identities such as IP addresses, URLs, applications, or users. Use them to define and group entities, settings, or preferences. You can then easily reference and reuse the objects in your policies. When you update an object definition (or if it can be updated dynamically), the policy rules referencing that object automatically enforce your latest changes. By grouping objects, you can significantly reduce the administrative overhead in creating policies.
When used together, some objects can help you to automate policy action: auto-tags, dynamic user groups, and dynamic address groups.

Feature Highlights

  • Reuse IP addresses or address groups across policies. Define regions to apply policy rules by country or location.
  • Classify network traffic by application. Use applications or application groups to simplify policy creation.
  • Traffic Objects
    Define cloud entities within specific clusters or VPC endpoints to apply customized security policy rules.
  • Service
    Define security rules for specific applications by selecting one or more services to limit the port numbers that the applications can use. Combine services into service groups for easier management.
  • SaaS Tenant Restrictions
    Centrally manage your SaaS applications for each of your SaaS apps. Use SaaS App Management to enforce safe access for your enterprise.
  • HIP
    Use host information (HIP) from GlobalProtect to assess endpoint security posture. Grant hosts access to your network or to sensitive resources based on their security posture compliance.
  • Dynamic user groups
    Auto-remediate anomalous user behavior and malicious activity. Membership in a dynamic user group is tag-based – users are included in the group only so long as they match your defined criteria.
  • Tags
    Use tags to identify the purpose of a rule or configuration object and to help you better organize your rulebase.
  • Auto-Tag Actions
    Assign tags based on log-triggered activity. Specify the log criteria that trigger security policy enforcement.
  • Log Forwarding
    Configure a log forwarding profile to send selected logs to your logging service.
  • External Dynamic Lists
    Use an externally hosted text file for policy enforcement. EDLs are checked at regular intervals for dynamic policy enforcement.
  • Certificate Management
    Manage certificates centrally to secure communication across your network.
  • Schedules
    Limit enforcement of a security policy rule to specific times that you define.
  • Quarantined Device List
    Manually or automatically (based on auto-tags) isolate quarantined devices from accessing the network or restrict the device traffic based on a security rule.