Monday, July 31, 2017

Palo Alto Networks - Tags, Dynamic Address Objects, and Policy Automation

Palo Alto Networks offers a variety of ways to automate configuration tasks. One of them is tags, which allow administrators to group and visually distinguish objects within the PAN-OS GUI. A simple, real-world example is managing multiple networks that may change dynamically, where you don't want to update configuration information in multiple places.
  • Navigate to Objects -> Tags, and create a tag that references an address group.
  • Navigate to Objects -> Address Groups, and create a Dynamic Address Group that references the tag created in the previous step.
  • Navigate to Objects -> Addresses, and create address objects that reference the tag created in the first step.

You can now create policies that reference the Dynamic Address Group as a source or destination address. From that point on, the addresses those policies cover are updated automatically according to how tags are applied to address objects.
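
The same three steps and a policy that uses the group, written as PAN-OS CLI commands; this is an added example, not part of the original post. The tag, object, group and rule names and the 192.0.2.x addresses are constructed sample values, and the `untrust` and `dmz` zones are assumed to exist already.

```panos
# Annotation lines start with "#"; they are not PAN-OS commands.
# All object names, addresses and zones are constructed sample values.
configure

# Step 1: the tag (Objects -> Tags)
set tag web-servers color color1

# Step 2: the Dynamic Address Group whose match criterion is that tag
set address-group dag-web-servers dynamic filter "'web-servers'"

# Step 3: address objects carrying the tag
set address web-01 ip-netmask 192.0.2.10/32 tag web-servers
set address web-02 ip-netmask 192.0.2.11/32 tag web-servers

# A policy that references the group, never the individual addresses
set rulebase security rules allow-web-in from untrust to dmz source any destination dag-web-servers application web-browsing service application-default action allow
commit

# Later change: a new server joins the group by tag alone; the rule is untouched
set address web-03 ip-netmask 192.0.2.12/32 tag web-servers
commit
exit

# Operational mode: list the resolved members of each dynamic group
show object dynamic-address-group all
```

Because tagging an address object changes what the rule permits, the ability to edit tags and address objects deserves the same review as the ability to edit the rulebase.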
