When you create prefix filters, specify the filters scope
to control whether it applies to global or local.
Prefix filters specify a group of one
or more individual IP addresses or IP address subnets. With security
policies, prefix filters restrict access within a branch and filter
out traffic to specific IP addresses within the particular source
and destination zones. As with application definitions, you can
reuse prefix filters across the rules and policy sets you have created
for security policy rules.
Global prefix filters use the same set
of prefixes. By applying the global prefix filters defined for custom
applications, leverage the security policy application definition.
Local prefix filters use branch location.
They enable you to address site-specific scenarios where devices
in a specific zone such as a guest zone.
Local filters allow administrators to create a
single policy across all sites to describe application behavior,
eliminating the need to develop individual policies on a per-site
basis. It automatically populates the prefix values for the specific
branch location and notifies the administrator to settle deals for
local prefix filters as needed, if you add a new branch, simplify
policy administration, and reduce the number of rules that need
to be configured and managed.