Add Security Zones for Stacked Security Policies
Focus
Focus

Add Security Zones for Stacked Security Policies

Table of Contents

Add Security Zones for Stacked Security Policies

Learn how to create security zones for stacked security policies.
Where Can I Use This?What Do I Need?
  • Prisma SD-WAN
  • Active Prisma SD-WAN license
Security Zones specify enforcement boundaries where traffic is subject to inspection and filtering. Each security zone maps to networks attached to physical interfaces, logical interfaces, or sub-interfaces of a device. These zone-level interfaces serve as a proxy for physical circuits and virtual circuits, such as VLAN, Layer 3 VPN, and Layer 2 VPN circuits.
You can manage and secure every interface in a zone independently.
  • Allow or deny every interface in zone access to other zones within an enterprise network.
  • Segregate interface traffic by blocking all access not explicitly allowed by the security policies of an enterprise.
  • Isolate networks that have private or secure information by restricting access to it from public networks.
An area includes source and destination zones with network IDs for a site and is associated with one or more WAN, LAN, or VPN. Attach a zone to multiple networks, but each network type LAN, WAN, or VPN would be connected to one location. Typically, most organizations create three to four zones to segregate traffic using the model’s guest zone, one or more corporate LAN zones, an outside zone for internet underlay, and a corporate WAN zone for private WAN and VPN over the internet or private WAN.
Policy rules use zones in the form of Source Zones or Destination Zones. In Security Policy rules, specify the source and destination zones to which the rule applies. You must establish one or more source and destination zones for each security rule to configure. The source zone identifies the network from where traffic originates and the destination zone identifies the destination traffic of the network.
Add security zones from Stacked Policies.
  1. Select ManagePoliciesSecuritySecurity ZonesAdd Security Zone.
  2. On the Add Security Zone screen, enter a Name for the security zone and an optional description.
  3. Click Create to create a security zone.
    You must bind a zone to a site or a device interface(s) for policy rules to be effective.