Configure Prisma SD-WAN Secure Application Fabric

After the Symantec Firewall Service and Service Center Data Center IPsec router or Cloud Connector are configured, the next step is to steer branch application traffic to the Firewall Services.
Some of the most common examples of how a traffic policy can be configured per application are:
  • Send all Internet-bound traffic from a set of branches to the Symantec Firewall Service (Blanket Suspect list).
  • Send all Internet-bound traffic from a set of branches to the Symantec Firewall Service except for specific known applications (Suspect list-Allow list).
  • Send all Internet traffic direct to the Internet except for certain applications that need additional inspection or security (Allow list-Suspect list).
The Prisma SD-WAN Secure Application Fabric enables granular controls for a virtually unlimited number of policy permutations, down to the sub-application level. The following configuration uses a Blanket Suspect list style deployment:
  1. Create a Data Center Group that will include the Service Center Data Center(s).
    1. From the Policies tab, click Data Center Groups.
    2. In the Data Center Groups window, click Add New.
    3. In the Group Name field, enter a descriptive name, such as Web Security Services Bindings.
    4. Under Data Centers, select each Data Center that will participate in this group.
  2. Edit individual Policy Set rules to use the new Service Bindings.
    1. In the Policies screen, under the Network Policies tab, click the policy you wish to edit.
    2. From this policy set, select one or more policy rules, and click the edit icon.
    3. In the policy rule, click Next until you come to the Service Group option.
    4. In Data Center Groups, select an Active and Backup Data Center Group for the application.
    5. Optionally, the Data Center group can be flagged as Required for this policy rule.
      • If flagged as Required, the traffic must transit through these Data Centers or the traffic will be dropped.
      • Use of the Required flag also prevents any Direct Internet or Direct MPLS path from being allowed as an Active or Backup path.
    6. Click Next, and select Save to apply the policy rule changes.
  3. Verify that the Policy rules have the appropriate Data Center Groups configured.
    Because of the integration between Prisma SD-WAN and Symantec Web Security Services, enterprises can set up per-application, direct-to-cloud policies that deliver the cloud to the remote office securely and with high performance. At the same time, the remote office device footprint is minimal, with rapid cloud-based services delivery.
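
The verification in step 3 can also be run as a review over a list of policy rules. The following is an added example, not Palo Alto Networks or Symantec code: the rule fields (`active_dc_group`, `backup_dc_group`, `required`, `paths`), the group name `WSS Backup` and all sample rules are hypothetical and constructed for illustration. It checks that each rule has Active and Backup Data Center Groups that exist, flags rules where Required is not set, and flags Required rules that still list a Direct Internet or Direct MPLS path.

```python
# Added example. The rule fields below are hypothetical, not the Prisma SD-WAN
# export format or API; all sample data is constructed.
DIRECT_PATHS = {"Direct Internet", "Direct MPLS"}

KNOWN_GROUPS = {"Web Security Services Bindings", "WSS Backup"}  # from step 1

SAMPLE_RULES = [
    {"name": "internet-default", "active_dc_group": "Web Security Services Bindings",
     "backup_dc_group": "WSS Backup", "required": True, "paths": []},
    {"name": "guest-wifi", "active_dc_group": "Web Security Services Bindings",
     "backup_dc_group": None, "required": False, "paths": ["Direct Internet"]},
    {"name": "saas-video", "active_dc_group": "WSS-Old",
     "backup_dc_group": "WSS Backup", "required": True, "paths": ["Direct MPLS"]},
]


def audit_rule(rule, known_groups):
    """Return the findings for one policy rule; an empty list means it passes."""
    findings = []
    # Step 2.4: every rule needs an Active and a Backup Data Center Group,
    # and each must be a group that was actually created in step 1.
    for role in ("active_dc_group", "backup_dc_group"):
        group = rule.get(role)
        if not group:
            findings.append(f"{role} not set")
        elif group not in known_groups:
            findings.append(f"{role} '{group}' is not a defined Data Center Group")
    direct = sorted(DIRECT_PATHS & set(rule.get("paths") or []))
    if rule.get("required"):
        # Required forbids Direct Internet / Direct MPLS as Active or Backup paths.
        if direct:
            findings.append("Required set but direct path listed: " + ", ".join(direct))
    else:
        # Without Required, transit through the Data Centers is not enforced.
        findings.append("Required not set")
    return findings


def audit(rules, known_groups):
    """Map each rule name to its findings."""
    return {rule["name"]: audit_rule(rule, known_groups) for rule in rules}


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_RULES, KNOWN_GROUPS).items():
        print(f"{name}: {'OK' if not findings else '; '.join(findings)}")
```

Because Required is optional, treat the "Required not set" finding as a prompt for review rather than an error.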
