I'm interested to learn how people name their groups within Active Directory that are used within the Palo Alto Firewall Policies.
Are they named randomly, or does the name of the group identify what the policy does within the firewall?
I'm looking to come up with a naming scheme for myself that makes sense, is easy to manage and has relevance when identifying the policy within the firewall, so I'd like to learn if others have come up with a scheme or system that they use that I could draw inspiration from for my requirements.
For example, if a policy is giving RDP access to a bunch of servers on floor 3 of office 1, is the rule named 'Off_1_Flr_3_RDP_allow' or is it called 'access to rdp for developers'?
Naming conventions that I've found most helpful over various employers are ones that are both brief and meaningful. This usually entails determining first the major categories and then sub-groups that have logical meaning for the organization, then developing a short 3-4 letter abbreviation for them to encode into the name.
You can further simplify the AD setup by creating security groups that simply contain other groups.
List of job roles that contain actual users
List of resources needing access security that contain job role groups only
The security policy then can be nuanced to either the resource or the role depending on the details of the rule.
And names are recognizable abbreviations of the resource or the role.
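The two-tier layout described in the reply above (role groups hold users, resource groups hold role groups) can be checked mechanically. This is an added example, not part of the original thread: the `<TYPE>_<SITE>_<NAME>` pattern, the `ROLE`/`RES` prefixes and all group and user names are assumptions, and the sample export is constructed.

```python
import re

# Assumed convention (hypothetical): <TYPE>_<SITE>_<NAME>. TYPE is ROLE (job
# role, holds users only) or RES (resource, holds ROLE groups only).
NAME_RE = re.compile(r"^(ROLE|RES)_[A-Z0-9]{2,4}_[A-Z0-9]{2,8}$")

# Constructed sample export: group -> members (a member that is a key is a group).
SAMPLE_GROUPS = {
    "ROLE_OF1_DEV": ["alice", "bob"],
    "ROLE_OF1_HLPD": ["carol"],
    "RES_OF1_RDPF3": ["ROLE_OF1_DEV", "ROLE_OF1_HLPD"],
    "RES_OF1_SQL": ["ROLE_OF1_DEV", "dave"],        # user added directly
    "ROLE_OF1_OPS": ["erin", "ROLE_OF1_DEV"],       # group nested in a role
    "rdp access for developers": ["ROLE_OF1_DEV"],  # free-form name
}

def lint_groups(groups):
    """Return sorted (group, problem) findings for names and nesting."""
    findings = []
    for name, members in groups.items():
        m = NAME_RE.match(name)
        if not m:
            findings.append((name, "name does not match convention"))
            continue
        for member in members:
            is_group = member in groups
            if m.group(1) == "ROLE" and is_group:
                findings.append((name, f"role group contains group {member}"))
            elif m.group(1) == "RES" and not (is_group and member.startswith("ROLE_")):
                findings.append((name, f"resource group contains non-role member {member}"))
    return sorted(findings)

def effective_users(groups, name, seen=None):
    """Expand nesting to the users ultimately granted access via this group."""
    seen = set() if seen is None else seen
    if name in seen:  # guard against circular nesting
        return set()
    seen.add(name)
    users = set()
    for member in groups.get(name, []):
        if member in groups:
            users |= effective_users(groups, member, seen)
        else:
            users.add(member)
    return users

if __name__ == "__main__":
    for group, problem in lint_groups(SAMPLE_GROUPS):
        print(f"{group}: {problem}")
    print(sorted(effective_users(SAMPLE_GROUPS, "RES_OF1_RDPF3")))
```

Running the expansion for each resource group before a policy review shows which accounts a rule that references the group actually covers, including users who arrive through unintended nesting.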