Check for any license or role requirements for the products you're using.
To secure applications and prevent threats in an environment
where new users and servers are constantly emerging, your security
policy must be nimble. To be nimble, the firewall must be able to
learn about new or modified IP addresses and consistently apply
policy without requiring configuration changes on the firewall.
This capability is provided by the coordination between the VM
Information Sources and Dynamic Address Groups features
on the firewall. The firewall and Panorama provide an automated
way to gather information on the virtual machine (or guest) inventory
on each monitored source and create policy objects that stay in
sync with the dynamic changes on the network.
VM
information sources provides an automated way to gather information on the
Virtual Machine (VM) inventory on each monitored source (host); the firewall can
monitor the VMware ESXi, vCenter Server, AWS-VPC, Microsoft Azure VNet, and
Google Cloud.
As you
provision or remove virtual machines in the private or public cloud, you can use
a Panorama plugin, a VM Monitoring script, or the VM Information Source on the
next-gen firewall to monitor changes on virtual machines (VMs) deployed in the
virtual environments.
Dynamic Address Groups are used in policy. They
allow you to create policy that automatically adapts to changes—adds, moves, or
deletions of servers. It also enables the flexibility to apply different rules
to the same server based on tags that define its role on the network, the
operating system, or the different kinds of traffic it processes.