https://live.paloaltonetworks.com/t5/general-topics/security-policies-amp-schedules/m-p/173068#M54528 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/37537">@mtizani</a>,</P> <P>&nbsp;</P> <P>For a feature request, you can reach out to your local SE.</P> <P>&nbsp;</P> <P>He/She should be able to create a new FR for you or add your vote to an already existing one.</P> <P>&nbsp;</P> <P>I was able to find some&nbsp;existing FRs that could be of interest for you :&nbsp;<SPAN>Related FRs: 4454, 4669, 4670, 5612</SPAN></P> <P>&nbsp;</P> <P><SPAN>4454 : FR&nbsp;for “graying” out a policy after a schedule has expired.</SPAN></P> <P><SPAN>4669 : FR for generating a system log upon rule schedule end.</SPAN></P> <P><SPAN>4670 : FR for a proactive notification of rules within a configurable threshold that are about to expire or reach the end of their schedule.</SPAN></P> <P><SPAN>5612 : FR so that&nbsp;after the expiration date the policy is disabled and removed automatically.</SPAN></P> <P>&nbsp;</P> <P><SPAN>Seeing that there is currently no system log upon expiration I see no way to use snmptrap/email to inform security admins about this.</SPAN></P> <P>&nbsp;</P> <P><SPAN>Cheers !</SPAN></P> <P><SPAN>-Kiwi.</SPAN></P> Thu, 24 Aug 2017 12:48:37 GMT kiwi 2017-08-24T12:48:37Z https://live.paloaltonetworks.com/t5/general-topics/security-policies-amp-schedules/m-p/172978#M54516 <P>Hello,</P><P>&nbsp;</P><P>Just a quick question.&nbsp; Unsure if this has been asked previously.&nbsp;</P><P>&nbsp;</P><P>When applying a non-reoccuring schedule to a security policy,&nbsp; I have noticed in pan 8.0.x, once the schedule has expired, the policy in the security policy view does not identify it as expired.&nbsp;<BR /><BR />I am trying avoid the obvious scenario of temporary policies being applied either due to a fault, project or change scenario.&nbsp; Generally project teams would not advise the security team of their completion and fail to raise requests to remove such scheduled policies.</P><P>&nbsp;</P><P>Was hoping that the webui would identify it somehow similar to when disabling a rule.&nbsp;</P><P>&nbsp;</P><P>Also is there the possibility of adding a row within the security policy view to identify or segregate policies, similar to checkpoints webui? A divider with a description?</P><P>&nbsp;</P><P>Thanks</P> Thu, 24 Aug 2017 04:10:55 GMT https://live.paloaltonetworks.com/t5/general-topics/security-policies-amp-schedules/m-p/172978#M54516 mtizani 2017-08-24T04:10:55Z https://live.paloaltonetworks.com/t5/general-topics/security-policies-amp-schedules/m-p/173014#M54517 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/37537">@mtizani</a>,</P> <P>&nbsp;</P> <P>You are correct. &nbsp;</P> <P>The rule is still identified as 'Active' ... however it will never match seeing that the configured timeframe has expired.</P> <P>&nbsp;</P> <P>That said, PAN-OS doesn't have dividers for the security policy. &nbsp;Instead I'd recommend using tags to identify/segregate policies :</P> <P>&nbsp;</P> <P><A href="https://live.paloaltonetworks.com/t5/Tutorials/Tag-Browser/ta-p/96781" target="_blank">Tag Browser</A></P> <P>&nbsp;</P> <P>Cheers !</P> <P>-Kiwi.</P> Thu, 24 Aug 2017 06:55:08 GMT https://live.paloaltonetworks.com/t5/general-topics/security-policies-amp-schedules/m-p/173014#M54517 kiwi 2017-08-24T06:55:08Z https://live.paloaltonetworks.com/t5/general-topics/security-policies-amp-schedules/m-p/173061#M54523 <P>Thanks Kiwi.</P><P><BR />That is unfortunate and possibly a feature request I can put through somewhere if you can guide me..&nbsp; In an environment with over 100+sec policies, would be good to clearly identify the expired scheduled rule by displaying the rule as disabled.</P><P>&nbsp;</P><P>You mentioning tags though might have triggered something here.&nbsp; I can possibly create a tag called 'Scheduled', tag relevant rules with expiry information etc in the description field and filter based on this.</P><P>&nbsp;</P><P>Was also wondering in terms of notifications if it was possible to fire an email/snmptrap etc to advise security admins of the expired rule?</P><P>&nbsp;</P><P>&nbsp;</P> Thu, 24 Aug 2017 11:23:17 GMT https://live.paloaltonetworks.com/t5/general-topics/security-policies-amp-schedules/m-p/173061#M54523 mtizani 2017-08-24T11:23:17Z https://live.paloaltonetworks.com/t5/general-topics/security-policies-amp-schedules/m-p/173068#M54528 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/37537">@mtizani</a>,</P> <P>&nbsp;</P> <P>For a feature request, you can reach out to your local SE.</P> <P>&nbsp;</P> <P>He/She should be able to create a new FR for you or add your vote to an already existing one.</P> <P>&nbsp;</P> <P>I was able to find some&nbsp;existing FRs that could be of interest for you :&nbsp;<SPAN>Related FRs: 4454, 4669, 4670, 5612</SPAN></P> <P>&nbsp;</P> <P><SPAN>4454 : FR&nbsp;for “graying” out a policy after a schedule has expired.</SPAN></P> <P><SPAN>4669 : FR for generating a system log upon rule schedule end.</SPAN></P> <P><SPAN>4670 : FR for a proactive notification of rules within a configurable threshold that are about to expire or reach the end of their schedule.</SPAN></P> <P><SPAN>5612 : FR so that&nbsp;after the expiration date the policy is disabled and removed automatically.</SPAN></P> <P>&nbsp;</P> <P><SPAN>Seeing that there is currently no system log upon expiration I see no way to use snmptrap/email to inform security admins about this.</SPAN></P> <P>&nbsp;</P> <P><SPAN>Cheers !</SPAN></P> <P><SPAN>-Kiwi.</SPAN></P> Thu, 24 Aug 2017 12:48:37 GMT https://live.paloaltonetworks.com/t5/general-topics/security-policies-amp-schedules/m-p/173068#M54528 kiwi 2017-08-24T12:48:37Z