Security Policy Rules

Prisma SD-WAN supports security policy rules for zbfw.
A security policy rule specifies the handling of application traffic between zones in a branch office. For each security policy rule, define source and destination zones, the applications to which the rule applies,
optional
prefix filters, and the appropriate action.
By default, three security policy rules add to the end of every security policy set. These default policy rules provide a basic framework for handling network traffic and cannot be edited or deleted.
If you don’t configure any security policy rules of your own, the following default security policy rules are applied:
  • Default—Denies all traffic from any source zone to any destination zone.
  • Self-Zone—Allows any traffic generated by the ION or destined to the ION on trusted L3 interfaces (L3 LAN, controller, or L3 private WAN interfaces). For an untrusted interface (L3 public WAN), only traffic initiated by the ION untrusted interface permits by this rule; unsolicited inbound traffic to a public WAN port drops by default regardless of ZBFW policy and zones applied.
  • Intra-Zone—Allows any traffic within the same zone.
The new rules take precedence over the default rules and control how rules evaluate by specifying the ruling order.
There is no limit on the number of security policy rules added to the network configuration.

Recommended For You