: Device > Policy Recommendation
Focus
Focus

Device > Policy Recommendation

Table of Contents
End-of-Life (EoL)

Device > Policy Recommendation

Configure and view the Policy Recommendation settings on your firewall.
View information on the policy rule recommendations from the IoT Security app. The policy rule recommendation uses metadata that the firewall collects from traffic on your network to determine what behavior to allow for the device. You can check the policy rule recommendation version in DeviceDynamic UpdatesDevice-ID Content.
Button/FieldDescription
Policy Import DetailsView detailed information about the policy rule recommendation, such as device group Location, rule name, the user who imported the policy, whether the policy rule recommendation Is Updated, when the policy rule recommendation was imported, and when the policy rule recommendation was last updated.
Device ProfileThe device profile for the source device in the policy rule recommendation.
Source ZonesThe source zones for the policy rule recommendation.
AddressThe source address for the policy rule recommendation.
LocationThe device group on Panorama where this policy rule recommendation is available.
Destination Device ProfileThe destination device profile that the firewall allows for the policy rule recommendation.
Device IPThe IP address of the device that the policy rule recommendation allows.
FQDNThe fully qualified domain name (FQDN) that the policy rule recommendation identifies as allowed based on typical behavior for the device.
Destination ZonesThe destination zones that the policy rule recommendation allows.
Security ProfilesThe security profile that the policy rule recommendation allows.
ServicesThe services (for example, ssl) that the policy rule recommendation allows.
URL CategoryThe URL filtering categories that the policy rule recommendation allows.
ApplicationsThe applications that the policy rule recommendation allows.
TagsThe tags that identify the policy rule for the policy rule recommendation.
Do not change the tags of the policy rule; if you change the tags, the firewall cannot rebuild the policy mappings.
Internal DeviceIdentifies whether the device is from a zone that is internal to your network (Yes) or from an external internet-facing zone (No).
Active RecommendationIdentifies whether this policy rule recommendation is active and currently used in security policy or whether you have removed it from your security policy.
ActionIdentifies the action for this policy rule recommendation (default is allow).
New Update AvailableIdentifies that there is a new update for this policy rule recommendation that you must import from the IoT Security app. When you import the policy rule recommendation update, the firewall dynamically updates the security policy rule. If you have more than one device group, the value remains Yes until you import the policy rule recommendation update to all device groups.
Import PolicyAfter using the IoT Security app to Activate your policy rule recommendations, Import Policy to import the policy rule recommendations to use in your security policy rules.
Remove Policy MappingIf you no longer need the policy rule recommendation for a device, you can Remove Policy Mapping for it.
You must also delete the policy rule for the policy rule recommendation.
Rebuild All MappingsIf the mappings become out of sync (for example, if you restore a previous configuration) you can Rebuild All Mappings to restore the policy rule recommendation mappings.