Reuse IP addresses or address groups across policies. Define regions to
apply policy rules by country or location.
Classify network traffic by application. Use applications or
application groups to simplify policy creation.
- Traffic Objects
  Define cloud entities within specific clusters or VPC endpoints to
  apply customized security policy rules.
- Service
  Define security rules for specific applications by selecting one or
  more services to limit the port numbers that the applications can use.
  Combine services into service groups for easier management.
- SaaS Tenant Restrictions
  Centrally manage your SaaS applications for each of your SaaS apps.
  Use SaaS App Management to enforce safe access for your enterprise.
- HIP
  Use host information (HIP) from GlobalProtect to assess endpoint
  security posture. Grant hosts access to your network or to sensitive
  resources based on their security posture compliance.
- Dynamic user groups
  Auto-remediate anomalous user behavior and malicious activity.
  Membership in a dynamic user group is tag-based – users are included
  in the group only so long as they match your defined criteria.
- Tags
  Use tags to identify the purpose of a rule or configuration object and
  to help you better organize your rulebase.
- Auto-Tag Actions
  Assign tags based on log-triggered activity. Specify the log criteria
  that trigger security policy enforcement.
- Log Forwarding
  Configure a log forwarding profile to send selected logs to your
  logging service.
- External Dynamic Lists
  Use an externally hosted text file for policy enforcement. EDLs are
  checked at regular intervals for dynamic policy enforcement.
- Certificate Management
  Manage certificates centrally to secure communication across your
  network.
- Schedules
  Limit enforcement of a security policy rule to specific times that you
  define.
- Quarantined Device List
  Manually or automatically (based on auto-tags) isolate quarantined
  devices from accessing the network or restrict the device traffic
  based on a security rule.