Is there an option to enforce a Tag, Description and/or Audit Comment information?

Created On 02/23/19 01:49 AM - Last Modified 03/22/19 20:38 PM


Question


Use Case
  • Helps ensure all admins create security rules uniformly
  • Make certain non-required fields like tags, description, and audit comment required


Environment


  • PAN-OS 9.0


Answer


Starting in PAN-OS 9.0, new options are available in the GUI under Device > Setup > Management > Policy Rulebase Settings.

Feature Details:
  • Adds the ability for superadmins to mandate entry in the Tag and Description fields on rules
  • Adds a new field called “Audit Comment”, which tracks the history of changes as they are committed

Caveats:
  • By default, these settings are disabled
  • These options apply to all rulebases (security policies, NAT, QoS, DoS Protection, etc.)
  • These options are available at Panorama device level and within Panorama templates to be pushed to devices running 9.0 and later
  • When adding or editing a security policy, the "OK" button is grayed out until the required Description, Tags, and Audit Comment fields are filled in
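To see how uniformly existing rules are documented across rulebases, the following added example (not part of the original article or Palo Alto Networks tooling) scans an exported configuration XML for rules with no Description or Tag. The XML layout (`rulebase/<type>/rules/entry` with `<description>` and `<tag><member>`), the sample rules, and the function name are assumptions; Audit Comments are not checked.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not taken from a real device. The layout
# (rulebase/<type>/rules/entry with <description> and <tag><member>) is an
# assumption about the exported configuration XML.
SAMPLE_CONFIG = """\
<config><devices><entry name="localhost.localdomain"><vsys><entry name="vsys1">
<rulebase>
  <security><rules>
    <entry name="allow-web">
      <description>Outbound web for user VLAN</description>
      <tag><member>outbound</member></tag>
    </entry>
    <entry name="temp-any-any"><action>allow</action></entry>
    <entry name="dns-out">
      <description>   </description>
      <tag><member>infra</member></tag>
    </entry>
  </rules></security>
  <nat><rules>
    <entry name="src-nat-internet">
      <description>Hide NAT for internet egress</description>
    </entry>
  </rules></nat>
</rulebase>
</entry></vsys></entry></devices></config>
"""

def find_undocumented_rules(config_xml):
    """Return (rulebase, rule name, missing fields) for rules lacking a description or tag."""
    root = ET.fromstring(config_xml)
    findings = []
    for rulebase in root.iter("rulebase"):
        for rule_type in rulebase:  # security, nat, qos, dos, ...
            for rule in rule_type.findall("./rules/entry"):
                missing = []
                # A whitespace-only description counts as missing.
                if not (rule.findtext("description") or "").strip():
                    missing.append("description")
                tags = [m.text for m in rule.findall("./tag/member") if (m.text or "").strip()]
                if not tags:
                    missing.append("tag")
                if missing:
                    findings.append((rule_type.tag, rule.get("name"), missing))
    return findings

if __name__ == "__main__":
    for rulebase, name, missing in find_undocumented_rules(SAMPLE_CONFIG):
        print(f"{rulebase:10} {name:20} missing: {', '.join(missing)}")
```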


Additional Information


PAN-OS® Administrator’s Guide - Enforce Policy Rule Description, Tag, and Audit Comment
https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/policy/enforce-policy-rule-description-tag-and-audit-comment.html

Refer to the 9.0 PAN-OS® New Features Guide
https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-new-features.html

