Focus

Edit Application Policy Network Rules

Table of Contents

Filter

Expand All | Collapse All

Prisma SD-WAN Docs

Administration
Deployment
Incidents & Alerts
CloudBlades
Version
- AWS Transit Gateway
- Azure vWAN
- Azure vWAN with vION
- ChatBot for MS Teams
- ChatBot for Slack
- CloudBlades Integration with Prisma Access
- GCP NCC
- Service Now
- Zoom QSS
- Zscaler Internet Access
Reference
Release Notes
Version
- ION 5.2
- ION 5.3
- ION 5.4
- ION 5.5
- ION 5.6
- ION 6.0
- ION 6.1
- ION 6.2
- ION 6.3
- ION 6.4
- New Features Guide
- On-Premises Controller
- Prisma Access CloudBlade Cloud Managed
- Prisma Access CloudBlade Panorama Managed
- Prisma SD-WAN CloudBlades

Connect Multiple Prisma SD-WAN Sites to Prisma Access

Understand Service and Data Center Groups

Edit Application Policy Network Rules

Learn how to edit the application policy network rules in the native SASE integration for Prisma SD-WAN.

Where Can I Use This?	What Do I Need?
Strata Cloud Manager	Prisma SD-WAN Active Prisma SD-WAN license Prisma SD-WAN AppFabric deployed at one or more locations. Physical and/or virtual ION devices running software versions 5.6.X or higher. Prisma Access Cloud Managed Prisma Access with Aggregate Bandwidth; the bandwidth licensing mode must be enabled per compute location on the Prisma Access Cloud Managed portal. Identification of the IPSec Termination Nodes within Prisma Access for connectivity. Ensure that you have Prisma Access (Cloud Managed) and Prisma SD-WAN in the same TSG.

Where Can I Use This?

What Do I Need?

Strata Cloud Manager

Prisma SD-WAN
- Active Prisma SD-WAN license
- Prisma SD-WAN AppFabric deployed at one or more locations.
- Physical and/or virtual ION devices running software versions 5.6.X or higher.
Prisma Access Cloud Managed
- Prisma Access with Aggregate Bandwidth; the bandwidth licensing mode must be enabled per compute location on the Prisma Access Cloud Managed portal.
- Identification of the IPSec Termination Nodes within Prisma Access for connectivity.
Ensure that you have Prisma Access (Cloud Managed) and Prisma SD-WAN in the same TSG.

When the IPSec tunnels are active from the Prisma SD-WAN sites to the Prisma Access regions, the next step is to modify policies to send traffic down these tunnels. To begin this process, we must modify Service and Data center groups and configure these groups in policy.

When making policy configurations, remember that the ION devices makes intelligent per-app selections using the network policies to chain multiple different path options together in Active-Active and Active-Backup modes.

Example:

Application A: Take Standard VPN direct to Prisma Access.
Application B: Take Standard VPN direct to Prisma Access, Backup to Direct Internet.
Application C: Use only Direct Internet.

The Prisma SD-WAN secure Application Fabric (AppFabric) enables granular controls for virtually unlimited number of policy permutations down to the sub-application level. Here are some of the most common examples of how a traffic policy can be configured per-application:

Send all internet-bound traffic from a set of branches to Prisma Access. (Blanket Suspect list)
Send all internet traffic direct to the internet except for certain applications needing additional inspection or security. (Suspect list—Safelist)
Send all internet-bound traffic from a set of branches to Prisma Access except for specific known applications. (Suspect list—Safelist)

In order to modify application policy, the following steps should be performed. They are detailed in the following sections:

Connect Multiple Prisma SD-WAN Sites to Prisma Access

Understand Service and Data Center Groups

Prisma SD-WAN Docs

Edit Application Policy Network Rules

Prisma SD-WAN Docs

Edit Application Policy Network Rules

Activation & Onboarding

SASE

Visibility & Monitoring

Hardware Reference

Hardware Quick Start Guides

Virtual ION Deployment

Prisma SD-WAN Integration

Prisma SD-WAN Experts Corner

Best Practices