Create Security Policy Rules
Table of Contents
Expand all | Collapse all
-
-
- Configure Circuits
- Configure Internet Circuit Underlay Link Aggregation
- Configure Private WAN Underlay Link Quality Aggregation
- Configure Circuit Categories
- Configure Device Initiated Connections for Circuits
- Add Public IP LAN Address to Enterprise Prefixes
- Manage Data Center Clusters
- Configure a Site Prefix
- Configure a DHCP Server
- Configure NTP for Prisma SD-WAN
- Enable IoT Device Visibility in Prisma SD-WAN
- Configure the ION Device at a Branch Site
- Configure the ION Device at a Data Center
- Switch a Site to Control Mode
- Allow IP Addresses in Firewall Configuration
-
- Configure a Controller Port
- Configure Internet Ports
- Configure WAN/LAN Ports
- Configure a Loopback Interface
- Prisma SD-WAN Standard VPN
- Configure a PoE Port
- Configure and Monitor LLDP Activity and Status
- Configure a PPPoE Interface
- Configure a Layer 3 LAN Interface
- Configure Application Reachability Probes
- Configure a Secondary IP Address
- Configure a Static ARP
- Configure a DHCP Relay
- Configure IP Directed Broadcast
- VPN Keep-Alives
-
- Configure Prisma SD-WAN IPFIX
- Configure IPFIX Profiles and Templates
- Configure and Attach a Collector Context to a Device Interface in IPFIX
- Configure and Attach a Filter Context to a Device Interface in IPFIX
- Configure Global and Local IPFIX Prefixes
- Flow Information Elements
- Options Information Elements
- Configure the DNS Service on the Prisma SD-WAN Interface
- Configure SNMP
-
-
- Prisma SD-WAN Branch Routing
- Prisma SD-WAN Data Center Routing
-
- Configure Multicast
- Create a WAN Multicast Configuration Profile
- Assign WAN Multicast Configuration Profiles to Branch Sites
- Configure a Multicast Source at a Branch Site
- Configure Global Multicast Parameters
- Configure a Multicast Static Rendezvous Point (RP)
- Learn Rendezvous Points (RPs) Dynamically
- View LAN Statistics for Multicast
- View WAN Statistics for Multicast
- View IGMP Membership
- View the Multicast Route Table
- View Multicast Flow Statistics
- View Routing Statistics
- Prisma SD-WAN Incident Policies
-
- Prisma SD-WAN Branch HA Key Concepts
- Configure Branch HA
- Configure HA Groups
- Add ION Devices to HA Groups
- View Device Configuration of HA Groups
- Edit HA Groups and Group Membership
-
- Configure Branch HA with Gen-1 Platforms (2000, 3000, 7000, and 9000)
- Configure Branch HA with Gen-2 Platforms (3200, 5200, and 9200)
- Configure Branch HA with Gen-2 Embedded Switch Platforms (1200-S or 3200-L2)
- Configure Branch HA for Devices with Software Cellular Bypass (1200-S-C-5G)
- Configure Branch HA for Platforms without Bypass Pairs
- Prisma SD-WAN Clarity Reports
-
- Native SASE Integration with Prisma SD-WAN
- Connect a Single Prisma SD-WAN Site to Prisma Access
- Connect Multiple Prisma SD-WAN Sites to Prisma Access
- Edit Application Policy Network Rules
- Understand Service and Data Center Groups
- Verify Standard VPN Endpoints
- Configure Standard Groups
- Assign Domains to Sites
- Prisma SD-WAN Incidents and Alerts
Create Security Policy Rules
Prisma SD-WAN
allows you to create security policy rules
for zbfw.Each security policy set is a collection of
security policy rules. The default security policy rules automatically assigned
to a security policy set cannot be changed, removed, or deleted.
You can create custom security policy rules to take precedence over
the default security policy rules.
You should configure general
permit any or deny any rules first, then add more specific access
and deny rules and have them listed in higher priority order so
that they evaluate before the broader rules.
- Select. Select a security policy set and then clickManagePoliciesSecurity(Original)Add Policy Rule.
- Type arule name,(optional)description. Select the source zones and source filters to which this rule applies, and then clickNext.Source zones specify where traffic originates. Source filters specify IP addresses that further refine the source zone traffic to which the rule applies.
- SelectAnyto apply this rule to all listed source zones and filters.
- De-selectAnyto select one or more specific source zones and source filters.
- Select the destination zones and destination filters to which this rule applies, then clickNext.Destination zones specify the traffic destined. Destination filters specify IP addresses that further refine the destination zone traffic to which the rule applies. You can select more than one filter to apply to the traffic.
- SelectAnyto apply this rule to all listed destination zones and filters.
- De-selectAnyto select one or more specific destination zones and destination filters.
- SelectAnyto apply created rule to all listed applications or de-selectAnyto select one or more specific applications for this rule, then clickNext.If you de-select Any, search for a specific application, filter using Categories, or sort by application name or modify the date.
- Select theactionto take for traffic matching this rule, then clickNext.Actions determine how the traffic from the specified source zone to the specified destination zone should respond.
- SelectDenydenying traffic between the specified zones and filters.
- SelectRejectto reject traffic between the specified zones and filters.
- SelectAllowallowing traffic that matches the rule to be forwarded.
- Review the security rule summary and selectCreate & Exitto add the new security policy rule to its security policy set.