Use objects in Strata Cloud ManagerTM to build shared policy for your Next-Generation
Firewalls (NGFWs) and Prisma® Access.
Where Can I Use
This?
What Do I Need?
Prisma Access
(with Strata Cloud Manager or Panorama
configuration management)
NGFWs
(with Strata Cloud Manager or Panorama
configuration management)
AI Runtime Security
At least one of these licenses is needed to manage your
configuration with Strata Cloud Manager; for unified
management of NGFWs and Prisma Access, you'll need both:
AIOps for NGFW Premium license (use the Strata Cloud Manager app)
AI Runtime Security Licenses (BYOL)
AI Runtime Security Deployment Profile
Go to ConfigurationNGFW and Prisma AccessObjects to get started with policy objects.
Objects are policy building blocks that group discrete identities such as
IP addresses, URLs, applications, or users. Use them to define and group entities,
settings, or preferences. You can then easily reference and reuse the objects in
your Security policy rules. When you update an object definition (or if it can be
updated dynamically), the policy rules referencing that object automatically enforce
your latest changes. By grouping objects, you can significantly reduce the
administrative overhead in creating Security policy rules.
Reuse IP addresses or address groups across Security policy rules. Define
regions to apply policy rules by country or location. For modern
application environments using distributed servers, you can configure
FQDN address objects to use Load Balanced DNS logic. When enabled, the
network security platform maintains an aggregate list of up to 100
unique resolved IP addresses that have not yet reached their
time-to-live (TTL) expiration. This intelligent maintenance logic
prevents policy match failures for load-balanced application servers
that return only a subset of valid IP addresses in each query
response.
Define security
rules for specific applications by selecting one or more services to
limit the port numbers that the applications can use. Combine services
into service groups for easier management.
SaaS Tenant Restrictions
Centrally manage your SaaS applications for each
of your SaaS apps. Use SaaS App Management to enforce safe access for
your enterprise.
Use host information
(HIP) from GlobalProtect® to asses endpoint security posture. Grant
hosts access to your network or to sensitive resources based on their
security posture compliance.
Auto-remediate anomalous user behavior and malicious
activity. Membership in a dynamic user group is tag-based – users are
included in the group only so long as they match your defined
criteria.
Manually or automatically (based on auto-tags) isolate
quarantined devices from accessing the network or restrict the device
traffic based on a security rule.
