Tutorial: How to enable/disable/clone rules!

by ‎07-17-2017 09:06 AM - edited ‎07-24-2017 12:16 PM (10,607 Views)

Hi everyone, this is Kim from the Palo Alto Networks community team, bringing you a new Palo Alto Networks video tutorial.

 

Today's video will cover disabling, enabling and cloning rules. Let's continue to our firewall and check out what it's all about.

 

 

To illustrate this feature, I'll go to the policies tab. Here, you can choose any policy you need. For the sake of this tutorial, I'll be using examples on the Security Policy. I have loaded a random policy on this device.

 

Looking at the rulebase, you'll immediately see some differences between the rules.  Some are greyed out, some are highlighted in yellow and some are just blue.

 

Notice that without selecting any rule, the only option available to us is to Add a new rule.

 

Moving forward, let's take a local rule, which is a blue one. For example, let's grab this 'blockwrar' rule. Select it first so that it's highlighted. You'll notice some options become available: 'Delete', 'Clone', 'Enable', 'Disable' and 'Move'.

Let's start by disabling this rule. You'll notice that the rule will become greyed out after doing so. This also means that the other greyed out rules are rules that have been disabled already.

 

For example, this 'blockfacebook' rule. Let's go ahead and select it. The same options are available, so let's go and enable this one. Notice how the rule turns blue again, indicating that the rule is enabled.

This manipulation isn't limited to just one rule. You can easily select multiple rules and disable/enable them at the same time. In this example, let's grab rules 6 to 9. Notice that just clicking different rules will select the rules individually. To select more than one rule, use the shift key or ctrl key (cmd key on Mac) and click the desired rules. Let's disable the selected rules. Notice that all the selected rules are now greyed out, and just as easily you can enable them again by clicking the enable button.

 

Another option is to clone the selected rule/rules.  Select the rule you would like to clone and hit the clone button.  The clone window will pop up allowing you some options on where to put the cloned rules. Notice that a copy or clone was created of the selected rule and it's placed at the location you specified in the clone menu.  Similarly to enabling/disabling rules, you can clone multiple rules at once.  Just select the desired rules and hit the clone button. Specify the destination and voila, you'll have a set of cloned rules.

 

This policy does have a special rule at the top.  Notice the yellow rule 'panotap' at the top.  Select it and notice the available options.  You cannot disable/enable or delete this rule.  That's because this rule was pushed from Panorama and it's a 'read-only' rule.  You will see this when you open the rule.  You can however clone this rule.  This will create a local copy on the firewall.  One that you can disable/enable and delete.

 

For traffic that doesn’t match any user-defined rules, the default rules apply. The default rules—displayed at the bottom of the security rulebase—are predefined to allow all intrazone traffic (within the zone) and deny all interzone traffic (between zones). Although these rules are part of the pre-defined configuration and are read-only by default, you can override them and change a limited number of settings, including the tags, action (allow or deny), log settings, and security profiles.

 

A nice example of how this can be useful is, let's say you have a rulebase of 200-300 rules and you have disabled rules distributed throughout your policy.  You don't want to scroll down your policy searching for the disabled rules and enable them one by one.  A nice trick to see only the disabled rules is to use the filter (disabled eq 'yes').  This will show you all the disabled rules, making it a lot easier to select the ones you would like to enable.  

 

All of the mentioned actions are also possible in the other policies.  For example let's have a quick look at the decryption rules. You will see that we already have some disabled rules configured and the same action options are available.
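The same "disabled eq 'yes'" view can be produced offline from an exported configuration file, across the security and decryption rulebases at once. The following is an added example, not part of the original tutorial or any Palo Alto Networks code. It assumes a firewall-local configuration in which rules sit under `rulebase/<type>/rules/entry` and a disabled rule carries `<disabled>yes</disabled>`; the sample XML and the rule names other than 'blockwrar' and 'blockfacebook' are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample, shaped like the rulebase section of an exported
# firewall configuration (assumption: local rules only, no Panorama rules).
SAMPLE_CONFIG = """
<config><devices><entry name="localhost.localdomain"><vsys><entry name="vsys1">
  <rulebase>
    <security><rules>
      <entry name="allow-dns"><action>allow</action></entry>
      <entry name="blockwrar"><action>deny</action><disabled>yes</disabled></entry>
      <entry name="blockfacebook"><action>deny</action><disabled>no</disabled></entry>
    </rules></security>
    <decryption><rules>
      <entry name="example-decrypt-rule"><disabled>yes</disabled></entry>
    </rules></decryption>
  </rulebase>
</entry></vsys></entry></devices></config>
"""

def disabled_rules(config_xml):
    """Return {rulebase type: [(position, rule name), ...]} for disabled rules."""
    root = ET.fromstring(config_xml)
    result = {}
    for rulebase in root.iter("rulebase"):
        for policy in rulebase:  # one child per policy type: security, decryption, ...
            rules = policy.findall("./rules/entry")
            for position, rule in enumerate(rules, start=1):
                # A rule without a <disabled> element is treated as enabled.
                if (rule.findtext("disabled") or "").strip().lower() == "yes":
                    result.setdefault(policy.tag, []).append((position, rule.get("name")))
    return result

if __name__ == "__main__":
    for policy_type, rules in disabled_rules(SAMPLE_CONFIG).items():
        for position, name in rules:
            print(f"{policy_type}: rule {position} '{name}' is disabled")
```

The position is the rule's order within its own rulebase, which makes it easy to find the rule again in the web interface.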

 

That's it for me, I hope this video was useful for you and feel free to post your comments or questions below!

 

Cheers !

-Kiwi
