| Where Can I Use
This? | What Do I
Need? |
|---|
Security policy sets contain security policy
rules that determine application access across zones within an enterprise
local area network (LAN), wide area network (WAN), and virtual private
network (VPN).
Prisma SD-WAN web interface does not automatically
create any default security policy sets. Security policy sets supersede network
policy sets for an enterprise.
Using security policy sets
and security policies rules, you should be able to:
Manage
and secure every interface in a zone independently.
Provision security policies globally at a data center or
locally at a branch.
Allow or deny application access and traffic flow based on
specified source and destination zones and prefix filters.
It
would be best if you explicitly create all of the security policy
sets you want to use.
Create one or more security
policy sets or create new security policy sets by cloning and editing
an existing policy set.
Each security policy set is associated with one or more sites.
However, only one security policy set can be active at any given
time for each site. Use the same security policy set across sites
with differing characteristics, such as different IP ranges, port configurations,
port usage, or VLAN IDs.
Each security policy set has three default security rules
created automatically – self-zone, default, and intra-zone.
You
cannot remove a security policy set if any site is using it.
