You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/partner-solutions/palo-alto/manage.md
+128-2Lines changed: 128 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -2,7 +2,7 @@
2
2
title: Manage a Cloud Next-Generation Firewall (NGFW) by Palo Alto Networks Resource by Using the Azure portal
3
3
description: Manage your Cloud NGFW resource in the Azure portal, including networking, NAT, rulestack settings, logging, Domain Name System (DNS) proxy configuration, and billing plan changes.
4
4
ms.topic: how-to
5
-
ms.date: 06/26/2025
5
+
ms.date: 08/21/2025
6
6
ms.custom:
7
7
- ai-gen-docs-bap
8
8
- ai-gen-desc
@@ -29,9 +29,135 @@ You can view and change settings by selecting one of the following settings cate
29
29
- Properties
30
30
- Locks
31
31
32
+
## Networking & NAT
33
+
34
+
Select **Networking & NAT** under **Settings** in the left pane.
35
+
- In the **Networking** section, you can view networking settings.
36
+
- To add prefixes to the private traffic range, select **Edit**, select the **Additional Prefixes** checkbox, and then add the prefixes in the resulting text box.
37
+
- In the **Source Network Address Translation (SNAT)** section, you can make changes by selecting the **Edit** button. You can then update the **Public IP Addresses**, select or clear the **Use the above Public IP addresses** checkbox, or update the **Source NAT Public IPs**.
38
+
- In the **Destination Network Address Translation (DNAT)** section, you can make changes by selecting the **Edit** button. You can then add a frontend setting by selecting the **Add** button and providing a **Name**, **Protocol**, **Frontend IP**, **Frontend Port**, **Backend IP**, and **Backend Port**. You can also modify existing settings in this section.
39
+
- In the **Private Source NAT** section, you can add a destination address by selecting the **Edit** button and then adding the address in the **Private Source NAT Destination Address** box. Private Source NAT replaces the source IP address with the trusted firewall IP address.
40
+
41
+
## Security Policies
42
+
43
+
To view these settings, select **Security Policies** under **Settings** in the left pane.
44
+
45
+
The settings that you see on this tab depend on how your security policies are managed.
46
+
47
+
### Azure Rulestack
48
+
49
+
If your security policies are managed by an Azure rulestack, you see the settings described in this section.
50
+
51
+
1. In **Local Rulestack**, select an existing rulestack from the dropdown list.
52
+
1. To manage settings for a rulestack, select the rulestack name under **Local Rulestack**. This action takes you to the local rulestack page. In the left pane, you see the following settings categories under **Resources**:
53
+
- Rules
54
+
- Security Services
55
+
- Prefix List
56
+
- FDQN List
57
+
- Certificates
58
+
- Deployment
59
+
- Managed Identity
60
+
61
+
#### Rules
62
+
63
+
Select **Rules** under **Resources** in the left pane of the local rulestack page. A page appears that shows local rules and allows you to add, delete, and configure them.
64
+
- To edit a rule, select the checkbox next to it and then select **Edit**. A pane showing the configured parameters for the rule appears. You can edit the parameters.
65
+
- To add a rule, select **Add**. A pane that allows you to configure and validate the parameters appears.
66
+
- To delete a rule, select the checkbox next to it and then select **Delete**.
67
+
68
+
#### Security Services
69
+
70
+
Select **Security Services** under **Resources** in the left pane of the local rulestack page.
71
+
- Under **Advanced Threat Prevention**, you can enable, disable, and configure vulnerability protection, anti-spyware, antivirus, and file blocking profiles.
72
+
- Under **Advanced URL Filtering**, you can enable, disable, and configure URL access management profiles.
73
+
- Under **DNS Security**, you can enable, disable, and configure DNS security profiles.
74
+
- Under **Encrypted Threat Protection**, you can manage egress decryption settings.
75
+
76
+
#### Prefix List
77
+
78
+
Select **Prefix List** under **Resources** in the left pane of the local rulestack page. A page appears that shows prefixes and allows you to add, delete, and configure them.
79
+
- To edit a prefix, select the checkbox next to it and then select **Edit**. A pane showing the name, description, and address of the prefix appears. You can edit and validate the configuration.
80
+
- To add a prefix, select the **Add** button. A pane that allows you to enter a name, description, and address appears. You can also validate the parameters.
81
+
- To delete a prefix, select the checkbox next to it and then select **Delete**.
82
+
83
+
#### FQDN List
84
+
85
+
Select **FQDN List** under **Resources** in the left pane of the local rulestack page. A page appears that slows FQDNs and allows you to add, delete, and configure them.
86
+
- To edit an FQDN, select the checkbox next to it and then select **Edit**. A pane showing the configured name, description, and FQDN appears. You can edit and validate the configuration.
87
+
- To add an FQDN, select the **Add** button. A pane that allows you to enter a name, description, and FQDN appears. You can also validate the parameters.
88
+
- To delete an FQDN, select the checkbox next to it and then select **Delete**.
89
+
90
+
#### Certificates
91
+
92
+
Select **Certificates** under **Resources** in the left pane of the local rulestack page. A page appears that shows certificates and allows you to add, delete, and configure them.
93
+
- To add a certificate, select the **Add** button. A pane that allows you to configure the certificate appears. You can select the certificate from a key vault or paste in a URL. You can also add self-signed certificates.
94
+
- To edit a certificate, select the checkbox next to it and then select **Edit**. You can edit and validate the configuration.
95
+
- To delete a certificate, select the checkbox next to it and then select **Delete**.
96
+
97
+
#### Deployment
98
+
99
+
Select **Deployment** under **Resources** in the left pane of the local rulestack page.
100
+
- On the **Deployment** page, select **Deploy Configuration** to deploy changes that you made to the rulestack.
101
+
- Select **Revert** to remove all changes made since the last deployed configuration.
102
+
103
+
#### Managed Identity
104
+
105
+
1. Select **Managed Identity** under **Resources** in the left pane of the local rulestack page.
106
+
1. On the **Managed Identity** page, you can enable or disable managed identity.
107
+
- To enable managed identity, select **Enable MI** and then select an identity in the **Identity** list.
108
+
- To disable managed identity, clear the **Enable MI** checkbox.
109
+
110
+
### Strata Cloud Manager
111
+
112
+
If your security policies are managed by Strata Cloud Manager, you can view the **SCM Tenant ID** on the **Security Policies** tab.
113
+
114
+
### Panorama
115
+
116
+
If your security policies are managed by Panorama, you can change the **Panorama Registration String** on the **Security Policies** tab.
117
+
118
+
You can also view the following setting on this tab:
119
+
120
+
- Panorama IP 1
121
+
- Panorama IP 2
122
+
- Device Group
123
+
- Template Name
124
+
125
+
## Log Settings
126
+
127
+
1. Select **Log Settings** under **Settings** in the left pane.
128
+
1. Select **Edit** to enable **Log Settings**.
129
+
1. Select the **Enable Log Settings** checkbox.
130
+
1. In **Log Settings**, select the settings.
131
+
132
+
## DNS Proxy
133
+
134
+
1. Select **DNS Proxy** under **Settings** the left pane.
135
+
1. You can enable or disable **DNS Proxy** by selecting the appropriate option.
136
+
137
+
## Rules
138
+
139
+
1. Select **Rules** under **Settings** in the left pane.
140
+
1. You can view a list of existing rules on the **Rules** page. You can also search for rules.
141
+
1. To view configured parameters for a rule, double-click the rule.
142
+
143
+
> [!NOTE]
144
+
> If your security policies are managed by Panorama, your rules won't appear on this tab. You can view them in Panorama.
145
+
146
+
## Properties
147
+
148
+
1. Select **Properties** under **Settings** in the left pane.
149
+
1. On the **Properties** page, you can view various properties of the firewall, including essentials like the ID, name, and location, the network profile, DNS settings, and plan data.
150
+
151
+
## Locks
152
+
153
+
1. Select **Locks** under **Settings** in the left pane.
154
+
1. On the **Locks** page, you can view a list of locks.
155
+
- To edit a lock, select the **Edit** button next to the lock. You can also delete a lock.
156
+
- To add a lock, select **Add** and then enter a **Lock name**, **Lock type**, and, optionally, **Notes**.
157
+
32
158
## Change plan
33
159
34
-
To change the Cloud NGFW's billing plan, go to **Overview** and select **Change Plan**.
160
+
To change the Cloud NGFW's billing plan, select **Overview**in the left pane and then select **Change Plan**.
0 commit comments