Prisma SD-WAN Administrator’s Guide
    : Migrate Original Policy Sets to Stacked Policy Sets
    Focus
    Download PDF
    Focus
    1. Home
    2. Prisma
    3. Prisma SD-WAN
    4. Prisma SD-WAN Administrator’s Guide
    5. Prisma SD-WAN Stacked Policies
    6. Migrate Original Policy Sets to Stacked Policy Sets
    Download PDF

    Prisma SD-WAN Administrator’s Guide

    Migrate Original Policy Sets to Stacked Policy Sets

    Table of Contents

    Migrate Original Policy Sets to Stacked Policy Sets

    Learn how to migrate original policy sets to stacked policy sets.
    Prisma SD-WAN
     supports stacked network and security policies. If you are a new user starting with Release 6.0.1, you can configure only stacked network and security policies. If you have configured original or legacy policies, you have to convert these legacy policies to stacked policies before you can upgrade your device to Release 6.0.1.
    If you try to upgrade your device to version 6.0.1 or higher using original policies, you will get an error and the device upgrade will fail.
    Stacked Policies provide a common administrative domain for a set of sites, contain policy rules, and are stacked and attached to a site. With stacked policies you can enable, disable, update, or manage policies, including performance, priority, path selection, and security without configuring individual ION devices at a branch or a data center.
    1. Select
      Manage
      Policies
      Stacked Policies
      Bindings/Path/QoS/Security/NAT
      .
    2. Select
      Security
      Security Stacks
      Advanced
      Security Sets
      Add Set
      .
      The example shows how to convert an original security policy set to a stacked security policy set. You can extend this to converting Path and QoS sets also.
      To migrate from original network policies to stacked network policies, you can clone an original network policy set into two types of stacked policy sets—stacked path policy set (for original network policies) and stacked QoS policy set (for original priority policies) and bind them separately to a site.
    3. On the
      Add Security Policy Set
       screen, enter a
      Name
       for the security policy set, and optionally enter description and tags.
      While adding a name, ensure that there is no stacked policy set having the same name as the original policy set.
    4. Select the
      Clone From an Original Policy Set
       check box to clone a policy set created under original policies and select a policy set to clone from the
      Choose an Original Policy Set
       drop-down.
    5. Click
      Done
       to submit your changes.
      The clone operation creates a new policy set stack for the original security policy set. As part of the clone operation, a policy set containing custom rules from the original policy set and a Default Rule Policy set from the default rules in the original policies is created. The Default Rule Policy set contains three different rules—
      default-deny
      ,
      intra-zone-allow
      ,
      self-zone-allow
      .
      In order for stacked security policy rules to be active, bind security policy set stacks to a site.

    Recommended For You

    © 2024 Palo Alto Networks, Inc. All rights reserved.