Shared Policy: Pre-Rules and Post-Rules
Enforce shared rules (rules that apply globally to your
Prisma Access environment) before or ahead of local rules.
For security rules that are in the shared configuration
folder (they apply globally across the entire Prisma Access service),
you can decide if the rule should be enforced ahead of or after
rules in the other configuration folders. In Prisma Access, these
are called pre-rules and post-rules.
- Pre-rulesare global rules that take precedence over deployment-specific rules and Prisma Access applies these to traffic first.
- Post-rulesare global rules that Prisma Access applies to traffic only after shared pre-rules and deployment-specific rules are applied.
When you’re setting up a shared policy rule, specify for it to
be a
pre-rule
or a post-rule
.
When you’re looking at your security policy rulebase, you can
easily identify pre- and post-rules and distinguish them from deployment-specific
rules.
When you’re working in a configuration folder
that’s not shared, you can still easily identify the rules that
are shared across your entire Prisma Access environment — shared
rules are highlighted so you can distinguish them from the rules
that are specific to another configuration folder.
