Global and Local Policy

Prisma Access configuration can be shared across your entire environment, or you can create configuration that is specific to a deployment type (mobile users, remote networks, or service connection sites).
Configuration that can be applied at the global or local level includes security policy, decryption, identity services, and network services.
  • Global rules help you to easily manage and enforce security policy requirements that apply in all cases.
    All rules, objects, and profiles that you create at the global level can be leveraged in local configurations.
    As often as possible, we recommend that you work in the global configuration that applies across the Prisma Access service. Only create local configuration to address use cases that are unique to that part of your organization.
  • Local rules and objects apply to the deployments where they make sense, either mobile users, remote networks, or service connections.

See and Switch Configuration Scope

When it applies, you’ll always see the configuration scope at the top of the page, and you can also toggle between configuration levels.
Depending on the context you’re working in, you might also see a Location column displayed for rules or profiles. This column indicates the rule or profile’s configuration location: Prisma Access, Mobile Users, Remote Networks, or Service Connection.

Pre-Rules and Post-Rules

For security rules at the global level (meaning, they’re shared across the entire Prisma Access service), you can decide if the rule should be enforced ahead of local rules or after local rules. In Prisma Access, these are called pre-rules and post-rules.
  • Pre-rules are global rules that take precedence over deployment-specific rules; Prisma Access applies these to traffic first.
  • Post-rules are global rules that Prisma Access applies to traffic only after global pre-rules and local rules are applied.
When you’re setting up a global policy rule, specify whether it is a pre-rule or a post-rule.
When you’re looking at your security policy rulebase, you can easily identify pre- and post-rules and distinguish them from local rules.
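
The evaluation order described above, as an added example (not Palo Alto Networks code and not a Prisma Access API): a small Python model that builds the effective rulebase for one deployment type and flags rules that can never match. It assumes top-down, first-match evaluation and rules that match on application only; all rule names and data are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str    # hypothetical rule name
    app: str     # application name, or "any" (simplified match criterion)
    action: str  # "allow" or "deny"
    scope: str   # "pre" (global), "local", or "post" (global)

def effective_rulebase(pre, local, post):
    """Global pre-rules first, then the deployment's local rules, then global post-rules."""
    return list(pre) + list(local) + list(post)

def evaluate(rulebase, app):
    """Return the first rule that matches the application (assumed first match wins)."""
    for rule in rulebase:
        if rule.app in ("any", app):
            return rule
    return None  # nothing matched in this simplified model

def shadowed(rulebase):
    """Names of rules hidden by an earlier rule that covers the same application."""
    hidden, seen = [], set()
    for rule in rulebase:
        if "any" in seen or rule.app in seen:
            hidden.append(rule.name)
        seen.add(rule.app)
    return hidden

# Constructed sample policy for the Mobile Users deployment type.
PRE = [Rule("global-block-telnet", "telnet", "deny", "pre")]
LOCAL_MOBILE_USERS = [
    Rule("mu-allow-telnet", "telnet", "allow", "local"),  # overridden by the pre-rule
    Rule("mu-allow-ssh", "ssh", "allow", "local"),
]
POST = [
    Rule("global-deny-ssh", "ssh", "deny", "post"),       # never reached for Mobile Users
    Rule("global-deny-all", "any", "deny", "post"),
]
MOBILE_USERS = effective_rulebase(PRE, LOCAL_MOBILE_USERS, POST)

if __name__ == "__main__":
    for app in ("telnet", "ssh", "dns"):
        hit = evaluate(MOBILE_USERS, app)
        print(f"{app:7} -> {hit.action:5} by {hit.name} ({hit.scope})")
    print("shadowed:", shadowed(MOBILE_USERS))
```

A local rule reported as shadowed by a pre-rule will never take effect, and a post-rule reported as shadowed is a global control that a local rule has pre-empted for that deployment type.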
