VRFs are a tool for segmenting networks and optimizing traffic. This approach
divides a WAN into smaller segments and improves performance for better user
experiences and productivity.
Where Can I Use This? Prisma SD-WAN
What Do I Need? Active Prisma SD-WAN license
Prisma SD-WAN supports Virtual Routing and Forwarding tables (VRFs) for Network (aka WAN)
segmentation of application traffic. Network segmentation is a design strategy that
divides a WAN into smaller, isolated networks, or segments. This approach helps to
improve network security, optimize network traffic, and ensure high availability of
network resources.
By segmenting the network, you can isolate different departments, locations, or types of
traffic onto separate network segments. This reduces the risk of unauthorized access,
limits the impact of security breaches, and provides better control over network
resources.
WAN segments are first defined in global VRF profiles. These VRF profiles are then bound
to sites. After that, interfaces are configured with the appropriate VRF. When traffic
enters the interface, it only considers destinations with the same VRF locally or across
the fabric. If the traffic is destined to go across the fabric, it gets automatically
encapsulated with a unique identifier specific to that VRF. Once the traffic reaches the
remote ION, it can egress onto the VRF that is appropriately configured.
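The following Python sketch models the flow just described: VRF classification by ingress interface, a route lookup confined to that VRF, a segment identifier carried across the fabric, and egress into the matching VRF at the remote ION. It is an added, vendor-neutral illustration, not Prisma SD-WAN code or its API; the class and field names, the numeric segment IDs, the sample routes, and the drop behavior for a segment that is not bound at the remote site are assumptions.

```python
# Vendor-neutral model of VRF-scoped forwarding; constructed example, not Prisma SD-WAN code.
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Ion:
    name: str
    vrf_ids: dict                                  # VRF name -> segment ID (assumed numeric)
    iface_vrf: dict = field(default_factory=dict)  # interface -> VRF name
    routes: dict = field(default_factory=dict)     # VRF name -> [(network, next hop)]

    def add_route(self, vrf, prefix, next_hop):
        self.routes.setdefault(vrf, []).append((ipaddress.ip_network(prefix), next_hop))

    def lookup(self, vrf, dst):
        """Longest-prefix match restricted to a single VRF's table."""
        addr = ipaddress.ip_address(dst)
        hits = [(net, hop) for net, hop in self.routes.get(vrf, []) if addr in net]
        return max(hits, key=lambda r: r[0].prefixlen)[1] if hits else None

    def ingress(self, iface, dst):
        """Classify by ingress interface, then forward locally or cross the fabric."""
        vrf = self.iface_vrf[iface]
        hop = self.lookup(vrf, dst)
        if hop is None:
            return ("drop", f"no route in VRF {vrf}")
        if isinstance(hop, Ion):  # remote site: encapsulate with this VRF's segment ID
            return hop.from_fabric({"segment_id": self.vrf_ids[vrf], "dst": dst})
        return ("forward", hop)

    def from_fabric(self, pkt):
        """Map the segment ID back to a locally bound VRF and look up only there."""
        vrf = next((v for v, i in self.vrf_ids.items() if i == pkt["segment_id"]), None)
        if vrf is None:  # assumption: traffic for an unbound segment is dropped
            return ("drop", "segment not bound at this site")
        hop = self.lookup(vrf, pkt["dst"])
        if hop is None or isinstance(hop, Ion):
            return ("drop", f"no local route in VRF {vrf}")
        return ("forward", hop)

def build_demo():
    """Two constructed sites: the branch binds both VRFs, the data center only 'corp'."""
    branch = Ion("branch", {"corp": 101, "guest": 102}, {"lan1": "corp", "lan2": "guest"})
    dc = Ion("dc", {"corp": 101})
    dc.add_route("corp", "10.1.0.0/16", "dc-eth1")
    branch.add_route("corp", "10.1.0.0/16", dc)
    branch.add_route("guest", "10.1.0.0/16", "guest-gw")  # same prefix, different VRF
    branch.add_route("guest", "172.16.0.0/12", dc)
    return branch
```

The same destination address resolves differently depending on the ingress interface's VRF, and guest traffic sent toward the data center is dropped there because that site has no VRF bound to its segment ID.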
Network segmentation helps isolate application traffic for those who share
the same WAN infrastructure by carrying the segment identifier over the WAN overlay.
There are many applications and services on the network, each with various levels of
security posture. A multi-segment solution is required to maximize control and
separation between network segments.