Focus

Migrate Original Policy Sets to Stacked Policy Sets

Table of Contents

Filter

Expand All | Collapse All

Prisma SD-WAN Docs

Administration
Deployment
Incidents & Alerts
CloudBlades
Version
- AWS Transit Gateway
- Azure vWAN
- Azure vWAN with vION
- ChatBot for MS Teams
- ChatBot for Slack
- CloudBlades Integration with Prisma Access
- GCP NCC
- Service Now
- Zoom QSS
- Zscaler Internet Access
Reference
Release Notes
Version
- ION 5.2
- ION 5.3
- ION 5.4
- ION 5.5
- ION 5.6
- ION 6.0
- ION 6.1
- ION 6.2
- ION 6.3
- ION 6.4
- New Features Guide
- On-Premises Controller
- Prisma Access CloudBlade Cloud Managed
- Prisma Access CloudBlade Panorama Managed
- Prisma SD-WAN CloudBlades

Prisma SD-WAN Stacked Policies

Simple Path and QoS Stacks

Migrate Original Policy Sets to Stacked Policy Sets

Learn how to migrate original policy sets to stacked policy sets.

Where Can I Use This?	What Do I Need?
Prisma SD-WAN	Active Prisma SD-WAN license

Prisma SD-WAN supports stacked network and security policies. If you are a new user starting with Release 6.0.1, you can configure only stacked network and security policies. If you have configured original or legacy policies, you have to convert these legacy policies to stacked policies before you can upgrade your device to Release 6.0.1.

If you try to upgrade your device to version 6.0.1 or higher using original policies, you will get an error and the device upgrade will fail.

Stacked Policies provide a common administrative domain for a set of sites, contain policy rules, and are stacked and attached to a site. With stacked policies you can enable, disable, update, or manage policies, including performance, priority, path selection, and security without configuring individual ION devices at a branch or a data center.

Select ManagePoliciesStacked PoliciesBindings/Path/QoS/Security/NAT.
Select SecuritySecurity StacksAdvancedSecurity SetsAdd Set.
The example shows how to convert an original security policy set to a stacked security policy set. You can extend this to converting Path and QoS sets also.

To migrate from original network policies to stacked network policies, you can clone an original network policy set into two types of stacked policy sets—stacked path policy set (for original network policies) and stacked QoS policy set (for original priority policies) and bind them separately to a site.
On the Add Security Policy Set screen, enter a Name for the security policy set, and optionally enter description and tags.
While adding a name, ensure that there is no stacked policy set having the same name as the original policy set.
Select the Clone From an Original Policy Set check box to clone a policy set created under original policies and select a policy set to clone from the Choose an Original Policy Set drop-down.
Click Done to submit your changes.
The clone operation creates a new policy set stack for the original security policy set. As part of the clone operation, a policy set containing custom rules from the original policy set and a Default Rule Policy set from the default rules in the original policies is created. The Default Rule Policy set contains three different rules—default-deny, intra-zone-allow, self-zone-allow.

In order for stacked security policy rules to be active, bind security policy set stacks to a site.

Prisma SD-WAN Stacked Policies

Simple Path and QoS Stacks

Prisma SD-WAN Docs

Migrate Original Policy Sets to Stacked Policy Sets

Prisma SD-WAN Docs

Migrate Original Policy Sets to Stacked Policy Sets

Activation & Onboarding

SASE

Visibility & Monitoring

Hardware Reference

Hardware Quick Start Guides

Virtual ION Deployment

Prisma SD-WAN Integration

Prisma SD-WAN Experts Corner

Best Practices