Prisma SD-WAN allows you to create a security policy set in the ZBFW.
Security policy sets contain security policy rules that determine application access across zones within an enterprise local area network (LAN), wide area network (WAN), and virtual private
Prisma SD-WAN web interface does not automatically create any default security policy sets. Security policy sets supersede network policy sets for an enterprise.
Using security policy sets and security policy rules, you should be able to:
and secure every interface in a zone independently.
Provision security policies globally at a data center or locally at a branch.
Allow or deny application access and traffic flow based on specified source and destination zones and prefix filters.
It would be best if you explicitly create all of the security policy sets you want to use.
Create one or more security policy sets or create new security policy sets by cloning and editing an existing policy set.
Each security policy set is associated with one or more sites. However, only one security policy set can be active at any given time for each site. Use the same security policy set across sites with differing characteristics, such as different IP ranges, port configurations, port usage, or VLAN IDs.
Each security policy set has three default security rules created automatically: self-zone, default, and intra-zone.
You cannot remove a security policy set if any site is using it.
From the Prisma SD-WAN web interface, go to Policies > Security Policies (Original)
Create Security Set
the security policy set.
to create a security policy set.
For Policy Stance, select
The policy stance is pre-defined. The security policy set populates automatically with the default policy rules (self-zone, default, and intra-zone) and cannot be edited. You can add as many security policy rules to the created policy set as needed.