Configuration: Objects

Table of Contents

Configuration: Objects

Use objects in Strata Cloud Manager to build shared policy for your NGFWs and Prisma Access.

Where Can I Use This?	What Do I Need?
Prisma Access (with Strata Cloud Manager or Panorama configuration management) NGFWs (with Strata Cloud Manager or Panorama configuration management) AI Runtime Security	At least one of these licenses is needed to manage your configuration with `Strata Cloud Manager`; for unified management of NGFWs and Prisma Access, you'll need both: `Prisma Access` license AIOps for NGFW Premium license (use the Strata Cloud Manager app) AI Runtime Security Licenses (BYOL) AI Runtime Security Deployment Profile

Go to ConfigurationNGFW and Prisma AccessObjects to get started with policy objects.

Objects are policy building blocks that group discrete identities such as IP addresses, URLs, applications, or users. Use them to define and group entities, settings, or preferences. You can then easily reference and reuse the objects in your policies. When you update an object definition (or if it can be updated dynamically), the policy rules referencing that object automatically enforce your latest changes. By grouping objects, you can significantly reduce the administrative overhead in creating policies.

When used together, some objects can help you to automate policy action: auto-tags, dynamic user groups, and dynamic address groups.

Feature Highlights

Address
Reuse IP addresses or address groups across policies. Define regions to apply policy rules by country or location.
Application
Classify network traffic by application. Use applications or application group to simplify policy creation.
Traffic Objects
Define cloud entities within specific clusters or VPC endpoints to apply customized security policy rules.
Service
Define security rules for specific applications by selecting one or more services to limit the port numbers that the applications can use. Combine services into service groups for easier management.
SaaS Tenant Restrictions
Centrally manage your SaaS applications for each of your SaaS apps. Use SaaS App Management to enforce safe access for your enterprise.
HIP
Use host information (HIP) from GlobalProtect to asses endpoint security posture. Grant hosts access to your network or to sensitive resources based on their security posture compliance.
Dynamic user groups
Auto-remediate anomalous user behavior and malicious activity. Membership in a dynamic user group is tag-based – users are included in the group only so long as they match your defined criteria.
Tags
Use tags to identify the purpose of a rule or configuration object and to help you better organize your rulebase.
Auto-Tag Actions
Assign tags based on log triggered activity. Specify the log criteria that triggers security policy enforcement.
Log Forwarding
Configure log forwarding profile to send selected logs to your logging service.
External Dynamic Lists
Use externally hosted text file for policy enforcement. EDLs are checked at regular intervals for dynamic policy enforcement.
Certificate Management
Manage certificates centrally to secure communication across your network.
Schedules
Limit enforcement of a security policy rule to specific times that you define.
Quarantined Device List
Manually or automatically (based on auto-tags) isolate quarantined devices from accessing the network or restrict the device traffic based on a security rule.

Configuration: Identity Services

Certificate Management

Strata Cloud Manager Docs

Configuration: Objects

Strata Cloud Manager Docs

Configuration: Objects

Feature Highlights

Next-Generation Firewalls

SASE

Cloud-Delivered Security Services

Network Security

Endpoints

Visibility & Monitoring

Best Practices

Experts Corner

Translated Documents