Policy Management - Policy Enforcement Using DAG

Printer Friendly Page

Policy Management - Policy Enforcement Using DAG


Implementing security policy is typically a static process – which means that any change in the security policy requires a configuration change on the firewall to update the security rules. PAN-OS has the capability to create dynamic security rules by using either static or dynamic tags and Dynamic Address Groups. The main benefits of Dynamic Address Groups is they:


Allow quick adaptation to changes in an evolving environment

Minimize the configuration changes that require intervention of the firewall administrator

Automate deployment and provisioning of new endpoints.


Policies with Dynamic Address Groups can also be used for threat prevention and containment purposes. This document presents various cases where the use of dynamic security policies leveraging Dynamic Address Groups is relevant.

Ask Questions Get Answers Join the Live Community
Version history
Revision #:
1 of 1
Last update:
‎05-25-2020 01:19 AM
Updated by: