Addresses | Reuse and reference an address or group of addresses across
policy rules, filters, or other functions without having to manually add
the address or addresses each time. You can define regions to apply
policy to specified countries or locations. Applying policy based on
region is a great way to
control traffic between branch offices. |
Applications | Your network traffic is automatically classified into applications
that you can use to build a versatile security policy based on your
business needs. To simplify the creation of security policies,
applications requiring the same security settings can be combined into
an application group. Application
groups can include applications, application groups, and application
filters. |
Traffic Object | Create Traffic objects to specify cloud entities within specific
clusters or VPC endpoints to enforce customized security policy
rules. |
Services | While the HTTP and HTTPS services are already defined for you and
ready to use, you can add service definitions to control the port
numbers that applications can use. You can combine services that are
often assigned together into service groups to simplify the
creation of security policies. |
SaaS App Management | Centrally manage each of your SaaS applications.
SaaS App Management lets you find features you can use to safely enable
apps for your enterprise. |
HIP | Decide which GlobalProtect app data (the host information profile,
or HIP, data that the app collects from endpoints) you want to use to
enforce security policy. Combine HIP objects to build a HIP profile. Think of HIP
profiles as security posture checklists against which your hosts are
evaluated, and each HIP object is one item on the list. You can grant
hosts access to your network or to sensitive resources based on their
security posture compliance. |
Dynamic User Groups | Dynamic user groups give you a way to auto-remediate anomalous user
behavior and malicious activity. Membership in a dynamic user group is
tag-based – users are included in the group only so long as they match
your defined criteria. |
Tags | Use tags to identify the purpose of a rule or configuration object
and to help you better organize your rulebase. |
Auto-Tag Actions | Auto-tags give you a way to automate security actions based on
activity. You can specify the log criteria that trigger security policy
enforcement. |
Log Forwarding | Configure a log forwarding profile to specify which logs to forward
to your Logging Service. |
External Dynamic Lists | An External Dynamic List (EDL) is an internally or externally
hosted text file used for policy enforcement. The firewall checks your
EDLs at your configured intervals to enable dynamic policy
enforcement. |
Certificate Management | Centrally manage the certificates that secure communication across
your network. |
Schedules | Create a schedule to limit enforcement of a security policy rule to
specific times that you define. |
Quarantined Device Lists | Identify and quarantine compromised devices. You can add devices to a
quarantine list either manually or automatically (based on auto-tags).
You can block quarantined devices from accessing the
network or restrict the device traffic based on a security
rule. |