Prisma SD-WAN® Stacked Security Policies
Configure stacked security policies to control application access across network zones in
your Prisma SD-WAN branch locations.
| Where Can I Use This? | What Do I Need? |
| --- | --- |
| Prisma SD-WAN (Managed by Strata Cloud Manager) | |
Prisma® SD-WAN includes a zone-based firewall that protects your branch networks by
controlling which applications can communicate between different network zones.
"Stacked" refers to the layered organization of security policies:
- Each site has one Security Policy Stack (the container)
- Inside that stack, you can have up to 4 Policy Sets and a Default Policy Set.
- Inside each policy set, you have individual Policy Rules (allow/deny decisions)
This layered approach makes it easier to organize complex security requirements
compared to putting all rules in a single flat list.
Prisma SD-WAN previously used the "Security Policies (Original)" format. In
Release 6.0.1, the new "Stacked Security Policies" format was introduced with these
benefits:
Deployment Guidance by Release
- New Deployments (Release 6.0.1 or later): Use stacked security policies only.
- Upgrading from Older Releases: Migrate from original security policies to stacked policies before upgrading to 6.0.1.
- Existing Deployments (Release 5.6 to 6.0.1): Both stacked and original policies are supported; however, original policies must be migrated to stacked policies prior to upgrading beyond 6.0.1.
Default Behavior Without a Security Policy
When no security policy is bound, there is no traffic filtering. All traffic is allowed
except for inbound traffic on the Internet interfaces.