
Tech Docs: Simplify Policy Management Using a Panorama Device Group Hierarchy



How Do Device Groups Help Me Manage Policy Rules?

Device groups simplify firewall configuration by letting you group firewalls that require similar policy rules based on location and function. You can simplify your configuration workflow further by nesting device groups in a hierarchy, with the predefined Shared location in the top layer and parent and child device groups in descending layers. In a device group hierarchy, all firewalls inherit from Shared the rules and objects that are common across your organization, and the firewalls in child device groups also inherit rules and objects from their parent device groups. Inheritance lets you avoid configuring duplicate settings in each device group.

How Do I Configure a Panorama Device Group Hierarchy?

Say you have data center firewalls in Chicago and Cairo and branch office firewalls in London and Shanghai. To avoid redundant configuration, you can create six device groups, each containing only the settings that are specific to the firewalls used for each function (data centers or branch offices) or each location (Chicago, Cairo, London, or Shanghai). Configuring the Chicago and Cairo device groups as children of the Data Center device group ensures that the firewalls in those locations inherit the Data Center settings. Similarly, configuring the London and Shanghai device groups as children of the Branch Office device group ensures that the firewalls in those locations inherit the Branch Office settings. All the firewalls in every location inherit shared settings.
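The six-group hierarchy described above can be modelled as a small tree to see what each location inherits and where a setting has been configured redundantly. This is an added example, not Palo Alto Networks code and not the Panorama API; the group names come from the scenario above, while the setting names, values and function names are constructed for illustration, and object overrides are not modelled.

```python
# Added illustration: a toy model of device group inheritance, not Panorama's API.
# Group names follow the article's example; every setting below is constructed.
PARENT = {
    "Data Center": "Shared", "Branch Office": "Shared",
    "Chicago": "Data Center", "Cairo": "Data Center",
    "London": "Branch Office", "Shanghai": "Branch Office",
}

# Settings configured locally in each location (constructed sample values).
LOCAL = {
    "Shared": {"dns-servers": "10.0.0.53", "log-profile": "corp-siem"},
    "Data Center": {"db-subnet": "10.10.0.0/16"},
    "Branch Office": {"guest-wifi": "172.16.0.0/24"},
    "Chicago": {"chi-mgmt": "10.10.1.0/24"},
    "Cairo": {"log-profile": "corp-siem"},      # repeats Shared
    "London": {"guest-wifi": "172.16.0.0/24"},  # repeats Branch Office
    "Shanghai": {},
}

def ancestors(group):
    """Return the chain of locations above `group`, Shared first."""
    chain = []
    while group in PARENT:
        group = PARENT[group]
        if group in chain:
            raise ValueError(f"cycle in hierarchy at {group!r}")
        chain.append(group)
    return chain[::-1]

def inherited(group):
    """Map each inherited setting name to (value, location that defines it)."""
    settings = {}
    for location in ancestors(group):
        for name, value in LOCAL.get(location, {}).items():
            # Overrides are out of scope here: the first definition is kept.
            settings.setdefault(name, (value, location))
    return settings

def redundant(group):
    """Local settings that duplicate an inherited one, with where it comes from."""
    above = inherited(group)
    return {name: above[name][1] for name, value in LOCAL.get(group, {}).items()
            if name in above and above[name][0] == value}

def audit():
    """Every device group that carries duplicate settings."""
    return {g: r for g in PARENT if (r := redundant(g))}

if __name__ == "__main__":
    for group, dupes in audit().items():
        print(group, "repeats", dupes)
```
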


For detailed instructions, refer to Create a Device Group Hierarchy in the PAN-OS 7.1 Administrator’s Guide.

[Palo Alto Networks Research Center]

About @PhilipHungCao

@PhilipHungCao, CISM, CCSP, CCSK, CASP, CIW-WSP, GICSP, PCNSE, ACSP, CCDA, DCSE, JNCIA, MCTS, MCSA, VCP5-DCV, VCP6-NV, ZCNT is a #TekF@rmer. He has 16 years' experience in the ICT/cybersecurity industry in various sectors and positions.
