Create Security Policy Rules

Prisma SD-WAN allows you to create security policy rules for zbfw.
Each security policy set is a collection of security policy rules. The default security policy rules automatically assigned to a security policy set cannot be changed, removed, or deleted. You can create custom security policy rules to take precedence over the default security policy rules.
You should configure general permit any or deny any rules first, then add more specific access and deny rules and have them listed in higher priority order so that they evaluate before the broader rules.
  1. From the Prisma SD-WAN web interface, go to
    Policies > Security Policies (Original)
    , select a security policy set and then click
    Add Rule
    .
  2. Type a
    rule name
    ,
    (optional)
    description
    . Select the source zones and source filters to which this rule applies, and then click
    Next
    .
    Source zones specify where traffic originates. Source filters specify IP addresses that further refine the source zone traffic to which the rule applies.
    1. Select
      Any
      to apply this rule to all listed source zones and filters.
    2. De-select
      Any
      to select one or more specific source zones and source filters.
  3. Select the destination zones and destination filters to which this rule applies, then click
    Next
    .
    Destination zones specify the traffic destined. Destination filters specify IP addresses that further refine the destination zone traffic to which the rule applies. You can select more than one filter to apply to the traffic.
    1. Select
      Any
      to apply this rule to all listed destination zones and filters.
    2. De-select
      Any
      to select one or more specific destination zones and destination filters.
  4. Select
    Any
    to apply created rule to all listed applications or de-select
    Any
    to select one or more specific applications for this rule, then click
    Next
    .
    If you de-select Any, search for a specific application, filter using Categories, or sort by application name or modify the date.
  5. Select the
    action
    to take for traffic matching this rule, then click
    Next
    .
    Actions determine how the traffic from the specified source zone to the specified destination zone should respond.
    1. Select
      Deny
      denying traffic between the specified zones and filters.
    2. Select
      Reject
      to reject traffic between the specified zones and filters.
    3. Select
      Allow
      allowing traffic that matches the rule to be forwarded.
  6. Review the security rule summary and select
    Create & Exit
    to add the new security policy rule to its security policy set.

Recommended For You