Prisma SD-WAN
Add Security Zones for Stacked Security Policies
Learn how to create security zones for stacked security policies.
Security zones specify enforcement boundaries where traffic is subject to inspection and filtering. Each security zone maps to networks attached to physical interfaces, logical interfaces, or sub-interfaces of a device. These zone-level interfaces serve as a proxy for physical and virtual circuits, such as VLAN, Layer 3 VPN, and Layer 2 VPN circuits.
You can manage and secure every interface in a zone independently. For example, you can:
- Allow or deny every interface in zone access to other zones within an enterprise network.
- Segregate interface traffic by blocking all access not explicitly allowed by the security policies of an enterprise.
- Isolate networks that have private or secure information by restricting access to it from public networks.
At a site, source and destination zones carry network IDs and are associated with one or more WAN, LAN, or VPN networks. You can attach a zone to multiple networks, but each network of a given type (LAN, WAN, or VPN) is connected to one location. Typically, organizations create three to four zones to segregate traffic: a guest zone, one or more corporate LAN zones, an outside zone for the internet underlay, and a corporate WAN zone for private WAN and for VPN over the internet or private WAN.
Policy rules use zones in the form of source zones and destination zones. In security policy rules, specify the source and destination zones to which the rule applies; you must define one or more source zones and one or more destination zones for each security rule you configure. The source zone identifies the network where traffic originates, and the destination zone identifies the network where traffic terminates.
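The following is an added illustration, not Prisma SD-WAN code: a small model of how a zone-based lookup resolves ingress and egress interfaces to zones, walks a stack of policy sets in order, and denies anything no rule explicitly allows. The interface bindings, zone names, rule shape and first-match semantics are assumptions chosen to mirror the four-zone layout described above.

```python
# Illustrative model of zone-based security policy lookup (added example,
# not Prisma SD-WAN's implementation; names and semantics are assumptions).
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str
    src_zones: frozenset   # zone names, or {"any"}
    dst_zones: frozenset   # zone names, or {"any"}
    action: str            # "allow" or "deny"


# Constructed sample: interface -> security zone bindings for one site.
# "3.100" stands for a VLAN sub-interface, "vpn0" for a VPN interface.
IFACE_ZONES = {
    "1": "outside",        # internet underlay
    "2": "corp-lan",
    "3.100": "guest",
    "vpn0": "corp-wan",
}

# Constructed policy stack: sets are evaluated top to bottom, first match wins.
POLICY_STACK = [
    [Rule("guest-to-internet", frozenset({"guest"}), frozenset({"outside"}), "allow"),
     Rule("block-guest", frozenset({"guest"}), frozenset({"any"}), "deny")],
    [Rule("corp-to-wan", frozenset({"corp-lan"}), frozenset({"corp-wan", "outside"}), "allow"),
     Rule("wan-to-corp", frozenset({"corp-wan"}), frozenset({"corp-lan"}), "allow")],
]


def zone_of(iface, bindings=IFACE_ZONES):
    """Resolve an interface to its zone; an unbound interface cannot be policed."""
    if iface not in bindings:
        raise ValueError(f"interface {iface!r} is not bound to a security zone")
    return bindings[iface]


def lookup(ingress_iface, egress_iface, stack=POLICY_STACK):
    """Return (action, rule name) for a flow between two interfaces."""
    src, dst = zone_of(ingress_iface), zone_of(egress_iface)
    for policy_set in stack:
        for rule in policy_set:
            src_hit = src in rule.src_zones or "any" in rule.src_zones
            dst_hit = dst in rule.dst_zones or "any" in rule.dst_zones
            if src_hit and dst_hit:
                return rule.action, rule.name
    # Segregation model from the text: traffic not explicitly allowed is denied.
    return "deny", "implicit-default-deny"
```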
- Select Manage > Policies > Security > Security Zones > Add Security Zone.
- On the Add Security Zone screen, enter a Name for the security zone and an optional description.
- Enable SYN EXCEPTION to allow the ION device to pass TCP sessions for flows associated with this zone even if it has not observed the establishment of the TCP connection.
- Click Create to create the security zone.
- You must bind a zone to a site or to one or more device interfaces for policy rules to take effect.
Related CLIs
- inspect policy manager status
- inspect policy mix lookup flow
- inspect priority policy conflicts
- inspect priority policy dropped
- inspect priority policy hits default rule dscp
- inspect priority policy hits policy rules
- inspect priority policy lookup
- inspect security policy lookup
- inspect security policy size
- dump priority policy config policy rules
- dump priority policy config policy sets
- dump priority policy config policy stacks
- dump priority policy config prefix filters
- dump security policy config policy rules
- dump security policy config policy set
- dump security policy config policy set stack
- dump security policy config prefix filters
- dump security policy config zones