Create a Security Policy Set

Prisma SD-WAN allows you to create a security policy set in the zone-based firewall (ZBFW).
Security policy sets contain security policy rules that determine application access across zones within an enterprise local area network (LAN), wide area network (WAN), and virtual private network (VPN).
The Prisma SD-WAN web interface does not automatically create any default security policy sets. Security policy sets supersede network policy sets for an enterprise.
Using security policy sets and security policy rules, you can:
  • Manage and secure every interface in a zone independently.
  • Provision security policies globally at a data center or locally at a branch.
  • Allow or deny application access and traffic flow based on specified source and destination zones and prefix filters.
Explicitly create all of the security policy sets you want to use.
  • Create one or more security policy sets or create new security policy sets by cloning and editing an existing policy set.
  • Each security policy set is associated with one or more sites. However, only one security policy set can be active at any given time for each site. Use the same security policy set across sites with differing characteristics, such as different IP ranges, port configurations, port usage, or VLAN IDs.
  • Each security policy set has three default security rules created automatically – self-zone, default, and intra-zone.
You cannot remove a security policy set if any site is using it.
  1. From the Prisma SD-WAN web interface, go to Policies > Security Policies (Original) and click Create Security Set.
  2. Enter the name and (optional) description for the security policy set.
  3. Select Create Set to create a security policy set.
  4. For Policy Stance, select Optimum, Conservative, or Standard.
    The policy stance is pre-defined. The security policy set populates automatically with the default policy rules (self-zone, default, and intra-zone) and cannot be edited. You can add as many security policy rules to the created policy set as needed.
