ZBFW Prefix Filters
Table of Contents
Expand all | Collapse all
-
-
- Configure Circuits
- Configure Circuit Categories
- Configure Device Initiated Connections for Circuits
- Add Public IP LAN Address to Enterprise Prefixes
- Add a Branch
- Add a Data Center
- Manage Data Center Clusters
- Configure a Site Prefix
- Configure a DHCP Server
- Configure NTP for Prisma SD-WAN
- Enable IoT Device Visibility in Prisma SD-WAN
- Configure the ION Device at a Branch Site
- Configure the ION Device at a Data Center
- Switch a Site to Control Mode
- Allow IP Addresses in Firewall Configuration
-
- Configure a Controller Port
- Configure Internet Ports
- Configure WAN/LAN Ports
- Configure a Sub-Interface
- Configure a Loopback Interface
- Configure a PPPoE Interface
- Configure a Layer 3 LAN Interface
- Configure Application Reachability Probes
- Configure a Secondary IP Address
- Configure a Static ARP
- Configure a DHCP Relay
- Configure IP Directed Broadcast
-
-
- Configure IPFIX
- Configure IPFIX Profiles
- Configure IPFIX Templates
- Configure Collector Contexts
- Configure Filter Contexts
- Configure Global IPFIX Prefixes
- Configure Local IPFIX Prefixes
- Attach an IPFIX Profile to an ION Device
- Attach a Collector Context to a Device Interface
- Attach a Filter Context to a Device Interface
- Configure High Availability (HA) for IPFIX
- Flow Information Elements
- Options Information Elements
- Configure SNMP
-
-
-
- Prisma SD-WAN Branch Routing
- Prisma SD-WAN Data Center Routing
-
- Configure Multicast
- Create a WAN Multicast Configuration Profile
- Assign WAN Multicast Configuration Profiles to Branch Sites
- Configure a Multicast Source at a Branch Site
- Configure Global Multicast Parameters
- Configure a Multicast Static Rendezvous Point (RP)
- Learn Rendezvous Points (RPs) Dynamically
- View LAN Statistics for Multicast
- View WAN Statistics for Multicast
- View IGMP Membership
- View the Multicast Route Table
- View Multicast Flow Statistics
- Prisma SD-WAN Incident Policies
-
- Prisma SD-WAN Branch HA Key Concepts
- Configure Branch HA
- Configure HA Groups
- Add ION Devices to HA Groups
- View Device Configuration of HA Groups
- Edit HA Groups and Group Membership
-
- Configure Branch HA with Gen-1 Platforms (2000, 3000, 7000, and 9000)
- Configure Branch HA with Gen-2 Platforms (3200, 5200, and 9200)
- Configure Branch HA with Gen-2 Embedded Switch Platforms (1200-S or 3200-L2)
- Configure Branch HA for Devices with Software Cellular Bypass (1200-S-C-5G)
- Configure Branch HA for Platforms without Bypass Pairs
-
-
- Native SASE Integration with Prisma SD-WAN
- Connect a Single Prisma SD-WAN Site to Prisma Access
- Connect Multiple Prisma SD-WAN Sites to Prisma Access
- Edit Application Policy Network Rules
- Understand Service and Data Center Groups
- Verify Standard VPN Endpoints
- Configure Standard Groups
- Assign Domains to Sites
- Prisma SD-WAN Incidents and Alerts
ZBFW Prefix Filters
When you create prefix filters, specify the filters scope
to control whether it applies to global or local.
Prefix filters specify a group of one
or more individual IP addresses or IP address subnets. With security
policies, prefix filters restrict access within a branch and filter
out traffic to specific IP addresses within the particular source
and destination zones. As with application definitions, you can
reuse prefix filters across the rules and policy sets you have created
for security policy rules.
- Global prefix filters use the same set of prefixes. By applying the global prefix filters defined for custom applications, leverage the security policy application definition.
- Local prefix filters use branch location. They enable you to address site-specific scenarios where devices in a specific zone such as a guest zone.
Local filters allow administrators to create a
single policy across all sites to describe application behavior,
eliminating the need to develop individual policies on a per-site
basis. It automatically populates the prefix values for the specific
branch location and notifies the administrator to settle deals for
local prefix filters as needed, if you add a new branch, simplify
policy administration, and reduce the number of rules that need
to be configured and managed.