Internet Access Rule
The Internet Access rule revolutionizes Internet Access management. It offers easy
integration with the security rulebase, providing granular control over web application
access.
Where Can I Use This?
- Prisma Access (Managed by Strata Cloud Manager)
- NGFW (Managed by Strata Cloud Manager)
The Internet Access rule replaces the existing Web Access policy
rules with improved capabilities.
The Internet Access rule is a new policy type within the security rulebase in Strata
Cloud Manager that optimizes the management of internet access use cases. You can
efficiently manage user access to web applications using the Internet Access rule,
including functional controls, data security inspections, and application tenant
handling. The integration of the Internet Access rule with SaaS Security Inline provides
native capabilities and eliminates the need to follow the policy recommendation
workflow.
Key features of the Internet Access rule include:
- The policy easily integrates into the security rulebase, coexisting with
traditional firewall access policy rules (security policy rules), giving you
full control over rule ordering. This structure provides you with flexibility in
rule ordering and usage. When creating policy rules, you can select from an
extensive, up-to-date list of SaaS applications and URL categories, ensuring
comprehensive coverage of your organization's needs.
- The policy's user and group integration utilizes information from the Cloud
Identity Engine, enabling granular access control tailored to your specific
requirements. When configuring SaaS applications, you can define precise
functional access levels for users, with controls dynamically adapting based on
the selected application.
- The Internet Access rule prioritizes data security and allows you to apply
robust inspections to all or specific applications and URLs within a policy. The
threat protection settings you define under determine the security inspection for these policy rules,
ensuring consistent and effective protection.
- Decryption settings offer further control. The policy decrypts outbound
internet-bound traffic by default, but you can fully customize it per scope or
for specific URL categories.
Internet Access Rule Migration
Internet Access rule migration transfers your existing Web Security policy rules. The
system integrates Web Security policy rules and custom Web Access policy rules into
the new framework during your tenant upgrades. The system positions folder or
scope-level policy rules at the top of security rules within their scopes.
Web Security policy rules from the Prisma Access or Global folder level move directly
to the security rulebase of those levels. This migration maintains the policy
structure while integrating it into the new internet policy rule framework.
Rule Order for Internet Access Rule and Security Policy Rule
Child folders inherit Internet Access rules and other configuration rules from parent
folders. GlobalProtect™, Explicit Proxy, or Remote Networks place Internet Access
rules at the top of the rulebase. The system prioritizes security policy rules from
parent folders over Internet Access rules in child folders. Default security policy
rules remain at the bottom, below Internet Access rules in child folders. This order
allows evaluation of custom rules before default rules.