Shared Policy: Pre-Rules and Post-Rules

Enforce shared rules (rules that apply globally to your Prisma Access environment) before or ahead of local rules.
For security rules that are in the shared configuration folder (they apply globally across the entire Prisma Access service), you can decide if the rule should be enforced ahead of or after rules in the other configuration folders. In Prisma Access, these are called pre-rules and post-rules.
  • Pre-rules
    are global rules that take precedence over deployment-specific rules and Prisma Access applies these to traffic first.
  • Post-rules
    are global rules that Prisma Access applies to traffic only after shared pre-rules and deployment-specific rules are applied.
When you’re setting up a shared policy rule, specify for it to be a
or a
When you’re looking at your security policy rulebase, you can easily identify pre- and post-rules and distinguish them from deployment-specific rules.
When you’re working in a configuration folder that’s not shared, you can still easily identify the rules that are shared across your entire Prisma Access environment — shared rules are highlighted so you can distinguish them from the rules that are specific to another configuration folder.

Recommended For You