Configure Prisma SD-WAN Secure Application Fabric

After the Symantec Firewall Service and Service Center Data Center IPsec router or Cloud Connector are configured, the next step is to steer branch application traffic to the Firewall Services.
Some of the most common examples of how a traffic policy can be configured per application are:
  • Send all Internet-bound traffic from a set of branches to the Symantec Firewall Service (Blanket Suspect list).
  • Send all Internet-bound traffic from a set of branches to the Symantec Firewall Service except for specific known applications (Suspect list-Allow list).
  • Send all Internet traffic direct to the Internet except for certain applications that need additional inspection or security (Allow list-Suspect list).
The Prisma SD-WAN Secure Application Fabric enables granular controls for a virtually unlimited number of policy permutations, down to the sub-application level. The following configuration uses a Blanket-Suspect list style deployment:
  1. Create a Data Center Group that will include the Service Center Data Center(s).
    1. From the Policies tab, click Data Center Groups.
    2. In the Data Center Groups window, click Add New.
    3. In the Group Name field, enter a descriptive name, such as Web Security Services Bindings.
    4. Under Data Centers, select each Data Center that will participate in this group.
  2. Edit individual Policy Set rules to use the new Service Bindings.
    1. In the Policies screen, under the Network Policies tab, click the policy you wish to edit.
    2. From this policy set, select one or more policy rules, and click the edit icon.
    3. In the policy rule, click Next until you come to the Service Group option.
    4. In Data Center Groups, select an Active and Backup Data Center Group for the application.
    5. Optionally, the Data Center group can be flagged as Required for this policy rule.
      • If flagged as Required, the traffic must transit through these Data Centers or the traffic will be dropped.
      • Use of the Required flag also prevents any Direct Internet or Direct MPLS path from being allowed as an Active or Backup path.
    6. Click Next, and select Save to apply the policy rule changes.
  3. Verify that the Policy rules have the appropriate Data Center Groups configured.
    Because of the integration between Prisma SD-WAN and Symantec Web Security Services, enterprises can set up per-application, direct-to-cloud policies that deliver the cloud to the remote office securely and with high performance. At the same time, the remote office device footprint stays minimal, with rapid cloud-based services delivery.
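
The Required flag behaviour from step 2 and the check in step 3, modelled as an added example (not Palo Alto Networks or Symantec code, and not the Prisma SD-WAN API). The rule structure, the `direct-internet`/`direct-mpls` path labels and the `WSS Backup` group name are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed labels for non-Data-Center paths (not product identifiers).
DIRECT_PATHS = {"direct-internet", "direct-mpls"}
# "WSS Backup" is a constructed second group for the Backup slot.
DC_GROUPS = {"Web Security Services Bindings", "WSS Backup"}

@dataclass
class PolicyRule:  # hypothetical, simplified view of one policy rule
    name: str
    active: list
    backup: list = field(default_factory=list)
    required: bool = False

def lint(rule, dc_groups=DC_GROUPS):
    """Step 3: return findings for a rule whose bindings look wrong."""
    findings = []
    if not any(p in dc_groups for p in rule.active):
        findings.append("no Active Data Center Group")
    for p in rule.active + rule.backup:
        if p in DIRECT_PATHS:
            if rule.required:
                findings.append(f"Required set but direct path allowed: {p}")
        elif p not in dc_groups:
            findings.append(f"unknown Data Center Group: {p}")
    return findings

def select_path(rule, healthy, dc_groups=DC_GROUPS):
    """Model the forwarding outcome: Active first, then Backup.
    With Required, only Data Center Group paths are eligible, so the
    flow is dropped rather than sent out uninspected."""
    for p in rule.active + rule.backup:
        if rule.required and p not in dc_groups:
            continue
        if p in healthy:
            return p
    return "drop"

# Constructed sample rules.
blanket = PolicyRule("internet-default", ["Web Security Services Bindings"],
                     ["WSS Backup"], required=True)
fail_open = PolicyRule("guest-web", ["Web Security Services Bindings"],
                       ["direct-internet"])
unbound = PolicyRule("saas", ["direct-internet"])

if __name__ == "__main__":
    for r in (blanket, fail_open, unbound):
        print(r.name, lint(r), select_path(r, {"direct-internet"}))
```

In this model `fail_open` passes the lint but falls back to `direct-internet` when no Data Center Group path is healthy, while `blanket` drops the flow instead.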