Learn how to create security rules on the Cloud NGFW for Azure.
| Where Can I Use This? | What Do I Need? |
| --- | --- |
| | Cloud NGFW subscription<br>Palo Alto Networks Customer Support Portal account<br>Azure Marketplace subscription |
Security rules protect network assets from threats and disruptions and
help to optimally allocate network resources for enhancing productivity and
efficiency in business processes. On Cloud NGFW for Azure, individual security rules
determine whether to block or allow a session based on traffic attributes, such as
the source and destination IP address, source and destination FQDNs, or the
application.
All traffic passing through the firewall is matched against a session and each
session is matched against a rule. When a session match occurs, the NGFW applies the
matching rule to bidirectional traffic in that session (client to server and server
to client). For traffic that doesn’t match any defined rules, the default rules
apply.
Security policy rules are evaluated left to right and from top to bottom. A packet is
matched against the first rule that meets the defined criteria and, after a match is
triggered, subsequent rules are not evaluated. Therefore, the more specific rules
must precede more generic ones in order to enforce the best match criteria.
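
The ordering effect described above can be checked before a rulestack is committed. The following Python sketch is an added example, not Palo Alto Networks code or the Cloud NGFW API: it models first-match evaluation over a simplified rule (source CIDR, destination CIDR, application) and flags rules that an earlier, broader rule makes unreachable. The `Rule` fields, rule names, and addresses are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:          # simplified, hypothetical rule model (not the product schema)
    name: str
    src: str         # source CIDR
    dst: str         # destination CIDR
    app: str         # application name, or "any"
    action: str      # "allow" or "deny"

def _covers(outer: str, inner: str) -> bool:
    """True if CIDR `outer` contains every address in CIDR `inner`."""
    return ipaddress.ip_network(inner).subnet_of(ipaddress.ip_network(outer))

def matches(rule: Rule, src_ip: str, dst_ip: str, app: str) -> bool:
    return (ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(rule.dst)
            and rule.app in ("any", app))

def evaluate(rules, src_ip, dst_ip, app):
    """Top to bottom, first match wins; later rules are never consulted."""
    for rule in rules:
        if matches(rule, src_ip, dst_ip, app):
            return rule.name, rule.action
    return "default-rules", None  # no match: the default rules apply

def shadowed(rules):
    """Return (earlier, later) name pairs where `later` can never match."""
    pairs = []
    for j, later in enumerate(rules):
        for earlier in rules[:j]:
            if (_covers(earlier.src, later.src)
                    and _covers(earlier.dst, later.dst)
                    and earlier.app in ("any", later.app)):
                pairs.append((earlier.name, later.name))
                break
    return pairs

# Constructed sample: the generic allow is listed before the specific deny.
BAD_ORDER = [
    Rule("allow-web-tier", "10.0.0.0/16", "10.1.0.0/24", "any", "allow"),
    Rule("block-ssh-from-dev", "10.0.5.0/24", "10.1.0.0/24", "ssh", "deny"),
]
GOOD_ORDER = list(reversed(BAD_ORDER))  # specific rule first

if __name__ == "__main__":
    print(evaluate(BAD_ORDER, "10.0.5.9", "10.1.0.20", "ssh"))
    print(evaluate(GOOD_ORDER, "10.0.5.9", "10.1.0.20", "ssh"))
    print(shadowed(BAD_ORDER))
```

With the generic rule first, the SSH session from the dev subnet is allowed and the deny rule is reported as shadowed; reversing the order lets the deny rule take effect while other traffic still reaches the allow rule.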
After creating a rulestack, you can create rules and add them to it.
To create security rules, familiarize yourself with how rulestacks work.