Limit enforcement of a Security rule to specific times
Where Can I Use This?
What Do I Need?
NGFW (Cloud Managed)
NGFW (PAN-OS & Panorama Managed)
Prisma Access (Managed by Strata Cloud Manager)
Prisma Access (Managed by Panorama)
Check for any license or role requirements for the products you're using.
By default, Security rules are always in effect (at all dates and times). To
limit a Security rule to specific times, you can define schedules, and then apply
them to the appropriate security rules. For each schedule, you can specify a fixed date
and time range or a recurring daily or weekly schedule.
When a Security rule is invoked by a defined schedule, only new sessions are
affected by the applied Security rule. Existing sessions are not affected by
the scheduled policy.
Create a schedule to limit a enforcement of a security rule to specific times
that you define.
Follow these steps to define a schedule that you can apply to a security rule.
Go to ManageConfigurationNGFW and Prisma AccessObjectsSchedulesServices.
Add Schedules.
Configure the settings in this table:
Schedule Settings
Description
Name
Enter a schedule name (up to 31 characters). This name
appears in the schedule list when defining security
policies. The name is case-sensitive and must be unique.
Use only letters, numbers, spaces, hyphens, and
underscores.
Recurrence
Select the type of schedule
(Daily,
Weekly, or
Non-Recurring).
Daily
Select Add and specify a
Start Time and End
Time in 24-hour format (HH:MM).
Weekly
Select Add, select a
Day of Week, and specify the
Start Time and End
Time in 24-hour format (HH:MM).
Non-recurring
Select Add and specify a
Start Date, Start
Time, End Date,
and End Time.
Save your configuration.
Select Push Config to save your configuration and deploy
it to your network.
Add a Schedule (PAN-OS & Panorama)
Create a schedule to limit enforcement of a Security rule to specific times
that you define.
Follow these steps to define a schedule that you can apply to a Security rule
.
Go to ObjectsSchedules.
Add a schedule.
Configure the settings in this table:
Schedule Settings
Description
Name
Enter a schedule name (up to 31 characters). This name
appears in the schedule list when defining security
security rules. The name is case-sensitive and must be
unique. Use only letters, numbers, spaces, hyphens, and
underscores.
Shared (Panorama only)
Select this option if you want the schedule to be
available to:
Every virtual system (vsys) on a multi-vsys. If
you clear this selection, the schedule will be
available only to the Virtual
System selected in the
Objects tab.
Every device group on Panorama. If you clear this
selection, the schedule will be available only to
the Device Group selected
in the Objects tab.
Disable override (Panorama only)
Select this option to prevent administrators from
overriding the settings of this schedule in device
groups that inherit the schedule. This selection is
cleared by default, which means administrators can
override the settings for any device group that inherits
the schedule.
Recurrence
Select the type of schedule
(Daily,
Weekly, or
Non-Recurring).
Daily
Select Add and specify a
Start Time and End
Time in 24-hour format (HH:MM).
Weekly
Select Add, select a
Day of Week, and specify the
Start Time and End
Time in 24-hour format (HH:MM).
Non-recurring
Select Add and specify a
Start Date, Start
Time, End Date,
and End Time.
