>
    Strata Copilot
    Create a Rulestack on Cloud NGFW for Azure
    Focus
    Download PDF
    Focus
    1. Home
    2. Cloud NGFW for Azure Administration
    3. Protect Traffic with Cloud NGFW for Azure
    4. Cloud NGFW Native Policy Management
    5. Create a Rulestack on Cloud NGFW for Azure
    Download PDF
    Cloud NGFW for Azure

    Create a Rulestack on Cloud NGFW for Azure

    Table of Contents

    Create a Rulestack on Cloud NGFW for Azure

    Learn how to create a rulestack on Cloud NGFW for Azure.
    Where Can I Use This?What Do I Need?
    • Cloud NGFW for Azure
    • Cloud NGFW subscription
    • Palo Alto Networks Customer Support Portal account
    • Azure Marketplace subscription
    Rulestacks defines access control (App-ID, URL Filtering) and threat prevention behavior of Cloud NGFW resources. A Cloud NGFW resource uses your rulestack definitions to protect the traffic by a two-step process. First, it enforces your rules on the to allow or deny your traffic. Second, it performs content inspection on the allowed traffic based on what you specify on the Security Profiles. A rulestack includes a set of security rules, associated objects, and profiles similar to device groups on Panorama.
    Cloud NGFW for Azure supports a local rulestack. A Local rulestack consists of local rules and manages the local rules. A local account administrator can associate a local rulestack to an NGFW in their AWS account. To create and manage local rulestacks, you must have the Local rulestack admin role.
    In the Cloud NGFW, you can author local rulestacks if you are assigned the LocalRuleStackAdmin role.
    If you are deploying the firewall for the first time and intend to use Strata Cloud Manager for policy management, you must deploy a local rulestack first. Deploying a local rulestack is free.
    Complete the following procedure to create a local rulestack in Azure Portal.
    1. In the Azure Portal, use the search bar to locate the Local Rulestack .
    2. Click Create.
    3. Choose Subscription and Resource Group from their respective drop-downs in the Project details section of the Basics tab.
    4. Enter a descriptive Name for your rulestack.
    5. Enter the supported Region for your rulestack.
    6. Click the Tags tab.
      1. Enter the Name and Value.
      2. Click Review+create.
    7. Review the rulestack options you have selected and click Create.
    8. After successfully creating the local rulestack, register it in the Azure Portal by creating a customer support case. For more information, see Register for Support.

    © 2026 Palo Alto Networks, Inc. All rights reserved.