Configure Prisma SD-WAN Secure Application Fabric

After the Symantec Firewall Service and Service Center Data Center IPSEC router or Cloud Connector are configured, the next step is to steer branch application traffic to the Firewall Services.
Some of the most common examples of how a traffic policy can be configured per application are:
  • Send all Internet-bound traffic from a set of branches to the Symantec Firewall Service (Blanket Suspect list).
  • Send all Internet-bound traffic from a set of branches to the Symantec Firewall service except for specific known applications. (Suspect list-Allow list).
  • Send all Internet traffic direct to the Internet except for certain applications that need additional inspection or security. (Allow list-Suspect list).
The Prisma SD-WAN Secure Application Fabric enables granular controls for virtually unlimited number of policy permutations down to the sub-application level. The following configuration will use a
Blanket-Suspect list
style deployment:
  1. Create a Data Center Group that will include the Service Center Data Center(s).
    1. From the
      tab, click
      Data Center Groups
    2. In the
      Data Center Groups
      window, click
      Add New
    3. In the
      Group Name
      field, enter a descriptive name, such as
      Web Security Services Bindings
    4. Under
      Data Centers
      , select each Data Center that will participate in this group.
  2. Edit individual
    Policy Set
    rules to use the new
    Service Bindings
    1. In the
      screen, under the
      Network Policies
      tab, click the policy you wish to edit.
    2. From this policy set, select one or more policy rules, and click the edit icon.
    3. In the policy rule, click
      until you come to the
      Service Group
    4. In Data Center Groups, select an Active and Backup Data Center Group for the application.
    5. Optionally, the Data Center group can be flagged as
      for this policy rule.
      • If flagged as
        , the traffic must transit through these Data Centers or the traffic will be dropped.
      • Use of the
        flag also prevents any
        Direct Internet
        Direct MPLS
        path from being allowed as an Active or Backup path.
    6. Click
      , and select
      to apply the policy rule changes.
  3. Verify that the Policy rules have the appropriate Data Center Groups configured.
    Enterprises can set up per-application, direct-to-cloud policies to deliver the cloud securely and with high performance to the remote office because of integration between Prisma SD-WAN and Symantec Web Security Services. At the same time, the remote office device footprint is minimal with rapid cloud-based services delivery.

Recommended For You