Network Segments Configuration
Table of Contents
Expand all | Collapse all
-
- Firewall and PAN-OS Support of IoT Security
- IoT Security Prerequisites
- Onboard IoT Security
- Onboard IoT Security on VM-Series with Software NGFW Credits
-
- DHCP Data Collection by Traffic Type
- Firewall Deployment Options for IoT Security
- Configure a Pre-PAN-OS 10.0 Firewall with a DHCP Server
- Configure a Pre-PAN-OS 10.0 Firewall for a Local DHCP Server
- Use a Tap Interface for DHCP Visibility
- Use a Virtual Wire Interface for DHCP Visibility
- Use SNMP Network Discovery to Learn about Devices from Switches
- Use Network Discovery Polling to Discover Devices
- Use ERSPAN to Send Mirrored Traffic through GRE Tunnels
- Use DHCP Server Logs to Increase Device Visibility
- Plan for Scaling when Your Firewall Serves DHCP
- Prepare Your Firewall for IoT Security
- Configure Policies for Log Forwarding
- Control Allowed Traffic for Onboarding Devices
- Support Isolated Network Segments
- IoT Security Integration with Prisma Access
- IoT Security Licenses
- Offboard IoT Security Subscriptions
-
- Introduction to IoT Security
- IoT Security Integration with Next-generation Firewalls
- IoT Security Portal
- Vertical-themed Portals
- Device-to-Site Mapping
- Sites and Site Groups
- Networks
- Network Segments Configuration
- Reports
- IoT Security Integration Status with Firewalls
- IoT Security Integration Status with Prisma Access
- Data Quality Diagnostics
- Authorize On-demand PCAP
- IoT Security Integrations with Third-party Products
- IoT Security and FedRAMP
Network Segments Configuration
IoT Security uses network segments to identify unique devices that use a shared
IP address block.
Log in as a user with owner or administrator privileges and select NetworksNetworks and SitesNetwork Segments Configuration. There you can add, view, edit, and delete network segments used for
identifying devices with
devices with overlapping IP addresses.
Network segments rely on IP address-based site assignment to be effective. While you can
manage network segments when using firewall-based site assignment, they won't have any
effect.
There are two sections on the Network Segments Configuration page.
- At the top is a title bar, with titles for Networks, Network Segments Configuration, and Sites tabs. There is a global filter that controls the content displayed on the page by site, and the option to filter or query the content displayed on the page by firewall.
- The Segments section is a table with information about individual network segments.
Create and Manage Network Segments
When creating a new network segment, enter a name and one or more firewalls to
assign to the network segment. A network segment can have multiple firewalls
assigned to it, but each firewall can only be assigned to one network segment. If
you enter a firewall that is already assigned to a different network segment, the
old assignment will be removed when you save the new network segment.
Optionally, enter a description and a site assignment for the network segment. A
network segment can be assigned to only one site at a time. If no site is specified,
the network segment is assigned to the default site.
To edit an existing network segment, find the network segment in the Segments table
and click on the name to bring up the edit dialog box.
Reset and Delete Network Segments
When you reset or delete a network segment, all devices and attributes learned
through the network segment assignment are deleted from the assets inventory.
If you update the firewalls or the sites for a network segment, reset the network
segment. Resetting the network segment ensures that traffic is properly mapped to
the right device and avoids potential duplication or overriding of device
attributes. In the Segments table, select the check boxes next to the network
segments to reset, and then click Reset.
Delete network segments that you no longer need to avoid misidentification of
devices and device attributes. In the Segments table, select the network segments to
delete, and then click Delete. The network segment no longer
appears in the Segments table.