Prisma SD-WAN supports security policy rules for zbfw.
A security policy rule specifies the
handling of application traffic between zones in a branch office.
For each security policy rule, define source and destination zones,
the applications to which the rule applies,
filters, and the appropriate action.
By default, three security policy rules add to
the end of every security policy set. These default policy rules
provide a basic framework for handling network traffic and cannot
be edited or deleted.
If you don’t configure any security policy rules of your own,
the following default security policy rules are applied:
Default—Denies all traffic from any source zone to any
Self-Zone—Allows any traffic generated by the ION or destined
to the ION on trusted L3 interfaces (L3 LAN, controller, or L3 private
WAN interfaces). For an untrusted interface (L3 public WAN), only
traffic initiated by the ION untrusted interface permits by this
rule; unsolicited inbound traffic to a public WAN port drops by
default regardless of ZBFW policy and zones applied.
Intra-Zone—Allows any traffic within the same zone.
The new rules take precedence over the default
rules and control how rules evaluate by specifying the ruling order.
There is no limit on the number of security policy rules
added to the network configuration.