Web Access Security policy rules offer a policy abstraction framework that transforms user intent into the policy language that the enforcement node understands, for PAN-OS and Explicit Proxy deployments. This helps to ensure continuity for current rules without altering your users' experience through default rule ordering.

These new Web Access policy rules incrementally enhance existing Web Security workflows. The change in behavior to this framework positions the newly created Global Web Access policy rules between Web Security rules and the regular security rules, with Global Catch All policy rules placed above the intrazone default rules in the post-rules section. This change in rule ordering allows you to use Web Access policy rules to create new internet security policy rules to preserve existing rules in your configuration. This feature provides significant benefits if you're using Prisma Access for internet security and deploying next-generation firewalls as internet gateways.