Manage: IoT Policy Recommendation
Strata Cloud Manager

Manage: IoT Policy Recommendation

Table of Contents

Manage: IoT Policy Recommendation

Create Security policy rules from automatically generated rule recommendations for next-generation firewalls or Prisma Access to enforce.
Where Can I Use This?
What Do I Need?
  • Prisma Access (Managed by Strata Cloud Manager)
  • Prisma Access (Managed by Panorama)
  • NGFW (Managed by Strata Cloud Manager)
  • Prisma Access
  • AIOps for NGFW Premium license (use the Strata Cloud Manager app)
  • IoT Security
    subscription for an advanced IoT Security product (Enterprise IoT Security Plus, Industrial IoT Security, or Medical IoT Security)
IoT Security provides
Strata Cloud Manager
with automatically generated Security policy rule recommendations organized by device profile. There is one recommendation per application per profile. Choose a profile, select the rule recommendations you want to use, and then the next-generation firewalls or
Prisma Access
deployment types where you want to enforce them.

Get Started

Select Security policy rule recommendations and apply them to next-generation firewalls or Prisma Access.
  1. Create folders or snippets for next-generation firewalls.
    Skip this step if you want to use predefined folders or previously created folders or snippets.
    Prisma Access
    folders are predefined.
    Folders are essentially containers that hold various kinds of rules, security configurations, and objects. For importing the policy rule recommendations that
    IoT Security
    IoT Security generated, the folders would hold next-generation firewalls or
    Prisma Access
    Snippets are also a type of container that can be associated with multiple folders. With folders and snippets, you can import policy rules into whichever groups of firewalls or deployments you want.
    For example, you might create a folder named California and put 60 firewalls in it and then create another folder named Hawaii and put 15 firewalls in that. You then create a snippet called CA-HI and apply it to the California and Hawaii folders. When you want to import rule recommendations only to firewalls in California, you set the scope as
    and select the California folder. If you want to import the rule recommendations to both California and Hawaii, set the scope as
    and select the CA-HI snippet.
    Depending on the hierarchy of the folder structure, we might have a parent folder like US-West above California and Hawaii. Then if you import rule recommendations while the scope is set as
    selected, then both of the children folders California and Hawaii would inherit the imported rules. However, this wouldn't work if you only wanted to import rules to California and Hawaii if they had sibling folders like Oregon, Alaska, Washington, and Arizona under the US-West folder. Then you'd have to use the CA-HI snippet.
  2. Create Security policy rules.
    1. Select
      IoT Policy Recommendation
    2. Select a profile name.
      IoT Security
      uses machine learning to automatically generate Security policy rule recommendations based on the normal, acceptable network behaviors of IoT devices in the same device profile.
      Strata Cloud Manager
      displays a list of these recommendations organized by application. For each behavior, you can see the following:
      Behavior Component
      App Risk
      This is the level of risk that’s inherent in an application as determined by various factors on a scale of increasing risk from 1 to 5.
      Security Policy Created
      When one or more names of folders or snippets appear here, it indicates a Security policy rule was previously created for this behavior. Clicking one of them opens a side panel with the names of the profile, application, and folder or snippet, and the policy rule action. When
      appears here, it indicates a rule has not yet been created.
      Discovered Location
      indicates that the destination is on the local network.
      indicates that the destination is outside the local network.
      Locally Observed
      indicates the behavior was observed in your IoT Security tenant environment.
      indicates it was observed in multiple IoT Security tenant environments but not in yours.
      App Usage
      indicates that an application has been detected in multiple IoT Security tenant environments.
      indicates that it has been observed in your environment but not in those of other tenants that also have devices in the same profile.
      Destination Address & FQDN
      This is the destination for a recommended policy rule. It can be Any, an IP address, or an FQDN.
      Destination Profile
      A profile is shown when the destination is internal and the device profile of the destination is identified.
      Last Seen
      For locally observed behaviors, this is the timestamp when it was last observed. For common behaviors not observed locally, a dash is shown.
    3. Select one or more behaviors and then
      Create Security Policy
    4. Review the Security policy rules that will be created and then select the config scope for where
      Strata Cloud Manager
      will apply them.
      To apply the rules to one or more next-generation firewalls or
      Prisma Access
      deployments in a folder, select
      and then choose the folder from Scope Selection.
      To apply the rules to one or more next-generation firewalls or
      Prisma Access
      deployments in a snippet, select
      and then choose the snippet from Scope Selection.
    5. Create Security Policy
  3. Push the configuration to next-generation firewalls and Prisma Access deployments.
    1. Select
      Push Config
    2. Select the folders with the configuration changes,
      Push Config
      , and then
      Strata Cloud Manager
      displays an ID number in the Job ID column for the selected folders and the status of the configuration push in the Push Status column.
      When the Push Status changes from
      , you know the pushed configuration has started running.
    3. To see the status of a push job, select
      Push Status
      . There you can see the status of the parent job and also the status of the children jobs, one for each firewall or deployment.

Recommended For You