Scribd
Upload
5 views

Device Group Objects

The document is the Panorama Administrator's Guide, which provides detailed information on configuring and managing device group objects within the Panorama system. It explains how objects can be reused across policy rules, the inheritance of object values, and options for managing unused objects and precedence of inherited objects. The guide emphasizes the importance of reducing administrative overhead and ensuring consistency in firewall policies through effective object management.

Uploaded by

bibist
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
5 views

Device Group Objects

The document is the Panorama Administrator's Guide, which provides detailed information on configuring and managing device group objects within the Panorama system. It explains how objects can be reused across policy rules, the inheritance of object values, and options for managing unused objects and precedence of inherited objects. The guide emphasizes the importance of reducing administrative overhead and ensuring consistency in firewall policies through effective object management.

Uploaded by

bibist
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 2

(/content/techdocs/en_US.

html)

Updated on Thu Mar 13 20:26:10 UTC 2025

Home (/) | Panorama (/content/techdocs/en_US/panorama.html)


| Panorama Administrator's Guide (/content/techdocs/en_US/panorama/10-1/panorama-admin.html)
| Panorama Overview (/content/techdocs/en_US/panorama/10-1/panorama-admin/panorama-overview.html)
| Centralized Firewall Configuration and Update Management (/content/techdocs/en_US/panorama/10-1/panorama-admin/panorama-
overview/centralized-firewall-configuration-and-update-management.html)
| Device Groups (/content/techdocs/en_US/panorama/10-1/panorama-admin/panorama-overview/centralized-firewall-configuration-and-
update-management/device-groups.html)
| Device Group Objects (/content/techdocs/en_US/panorama/10-1/panorama-admin/panorama-overview/centralized-firewall-
configuration-and-update-management/device-groups/device-group-objects.html)

DOWNLOAD PDF (/CONTENT/DAM/TECHDOCS/EN_US/PDF/PANORAMA/10-1/PANORAMA-ADMIN/PANORAMA-


ADMIN.PDF)

Panorama Administrator's Guide


(/content/techdocs/en_US/panorama/10-
1/panorama-admin.html)
Device Group Objects

Table of Contents

Objects are configuration elements that policy rules reference, for example: IP addresses, URL categories, security profiles,
users, services, and applications. Rules of any type (pre-rules, post-rules, default rules, and rules locally defined on a firewall)
and any rulebase (Security, NAT, QoS, Policy Based Forwarding, Decryption, Application Override, Captive Portal, and DoS
Protection) can reference objects. You can reuse an object in any number of rules that have the same scope as that object in
the Device Group Hierarchy (/content/techdocs/en_US/panorama/10-1/panorama-admin/panorama-overview/centralized-
firewall-configuration-and-update-management/device-groups/device-group-hierarchy.html#id014f3417-fe14-4fdd-8fd7-
c03ac8cb2e0b). For example, if you add an object to the Shared location, all rules in the hierarchy can reference that shared
object because all device groups inherit objects from Shared. If you add an object to a particular device group, only the rules
in that device group and its descendant device groups can reference that device group object. If object values in a device
group must differ from those inherited from an ancestor device group, you can Override inherited object values (see Step
Override inherited object values. (/content/techdocs/en_US/panorama/10-1/panorama-admin/manage-firewalls/manage-
device-groups/create-a-device-group-hierarchy.html#ide198c2e5-87f0-482c-8ab1-a84e5d1295fb_id51965b5e-69e7-4ec7-
a41a-2ae000bc0407)). You can also Revert to Inherited Object Values (/content/techdocs/en_US/panorama/10-
1/panorama-admin/manage-firewalls/manage-device-groups/revert-to-inherited-object-values.html#idb6e923d1-c97d-
4ac3-8a3a-ec6a19e03082) at any time. When you Create Objects for Use in Shared or Device Group Policy
(/content/techdocs/en_US/panorama/10-1/panorama-admin/manage-firewalls/manage-device-groups/create-objects-for-
use-in-shared-or-device-group-policy.html#id8a81daf5-4363-4971-b9ec-411c41b510ba) once and use them many times, you
reduce administrative overhead and ensure consistency across firewall policies.

You can configure how Panorama handles objects system-wide:

Pushing unused objects—By default, Panorama pushes all objects to firewalls regardless of whether any shared or device
group policy rules reference the objects. Optionally, you can configure Panorama to push only referenced objects. For
details, see Manage Unused Shared Objects (/content/techdocs/en_US/panorama/10-1/panorama-admin/manage-
firewalls/manage-device-groups/manage-unused-shared-objects.html#idcca52320-952a-4a90-8247-a63cd24d34bd).
This site uses cookies
Precedence essential
of ancestor andtodescendant
its operation,objects
for analytics, and for personalized
—By default, when device content andat
groups ads. By
multiple levels in the hierarchy have
continuing
an objecttowith
browse
thethis
samesite,name
you acknowledge
but differentthevalues
use of (because
cookies. Privacy statement
of overrides, as an example), policy rules❯ Cookie Settings
in a descendant
(https://www.paloaltonetworks.com/legal-notices/privacy)
device group use the object values in that descendant instead of object values inherited from ancestor device groups or
Shared. Optionally, you can reverse this order of precedence to push values from Shared or the highest ancestor
containing the object to all descendant device groups. For details, see Manage Precedence of Inherited Objects
(/content/techdocs/en_US/panorama/10-1/panorama-admin/manage-firewalls/manage-device-groups/manage-
precedence-of-inherited-objects.html#id99c22770-bee6-47fd-9b02-ac2b3dbf857a).
Was this information helpful?

Yes No

Next
Previous (/content/techdocs/en_US/panorama/10- (/content/techdocs/en_US/panorama/10-
1/panorama-admin/panorama- Centralized
Device 1/panorama-admin/panorama-
overview/centralized-firewall-configuration- Logging
Group overview/centralized-logging-and-
and-update-management/device- and
Policies reporting.html)
groups/device-group-policies.html) Reporting

Technical Documentation Co

Release Notes (/content/techdocs/en_US/release-notes.html) Abo


Search (/content/techdocs/en_US/search.html) Care
Blog (https://www.paloaltonetworks.com/blog/category/technical- Cus
documentation/) LIVE
Compatibility Matrix (/content/techdocs/en_US/compatibility- Kno
matrix.html)
OSS Listings (/content/techdocs/en_US/oss-listings.html)
Sitemap (/content/techdocs/en_US/sitemap.html)

(https://www.facebook.com/PaloAltoNetworks) (https://w
(https://www.youtube.com/channel/UCPRouchFt58TZnjoI65aelA)

(/content/techdocs/en_US.html) © 2025 Palo Alto Ne

You might also like