Stacked Security Policies
|
You can continue to use both original security policies and
stacked security policies after upgrading your ION device to
Release 5.6 or higher.
You can access the Security Policies
(Original) tab, only if you have already
configured original security policies. If you have started using
Prisma SD-WAN with Release 5.6 or later, you
will not be able to view or access the Security
Policies (Original) tab.
Before upgrading your device, ensure
that there is no stacked policy set having the same name as
the original policy set. In case there is a name
duplication, change the name of your stacked policy set and
then upgrade the device.
When you upgrade a device running versions lower than 5.6 to
version 5.6, and there are original security policy sets on the
device, the device transforms the original security policies to
stacked security policies. The device creates a new policy set
stack for the original security policy set. The device also
creates a default policy set from the default rules in the
original policies. The default policy set contains three
different rules—default-deny, intra-zone-allow, self-zone-allow.
|
You cannot downgrade ION devices running version 5.6 or higher if
you have attached a security stack to the sites having these
devices.
To downgrade, remove the security stack and then downgrade the
device.
|