Configure Security Prefixes
Table of Contents
Expand all | Collapse all
-
-
- Configure Circuits
- Configure Internet Circuit Underlay Link Aggregation
- Configure Private WAN Underlay Link Quality Aggregation
- Configure Circuit Categories
- Configure Device Initiated Connections for Circuits
- Add Public IP LAN Address to Enterprise Prefixes
- Manage Data Center Clusters
- Configure a Site Prefix
- Configure a DHCP Server
- Configure NTP for Prisma SD-WAN
- Enable IoT Device Visibility in Prisma SD-WAN
- Configure the ION Device at a Branch Site
- Configure the ION Device at a Data Center
- Switch a Site to Control Mode
- Allow IP Addresses in Firewall Configuration
-
- Configure a Controller Port
- Configure Internet Ports
- Configure WAN/LAN Ports
- Configure a Loopback Interface
- Prisma SD-WAN Standard VPN
- Configure a PoE Port
- Configure and Monitor LLDP Activity and Status
- Configure a PPPoE Interface
- Configure a Layer 3 LAN Interface
- Configure Application Reachability Probes
- Configure a Secondary IP Address
- Configure a Static ARP
- Configure a DHCP Relay
- Configure IP Directed Broadcast
- VPN Keep-Alives
-
- Configure Prisma SD-WAN IPFIX
- Configure IPFIX Profiles and Templates
- Configure and Attach a Collector Context to a Device Interface in IPFIX
- Configure and Attach a Filter Context to a Device Interface in IPFIX
- Configure Global and Local IPFIX Prefixes
- Flow Information Elements
- Options Information Elements
- Configure the DNS Service on the Prisma SD-WAN Interface
- Configure SNMP
-
-
- Prisma SD-WAN Branch Routing
- Prisma SD-WAN Data Center Routing
-
- Configure Multicast
- Create a WAN Multicast Configuration Profile
- Assign WAN Multicast Configuration Profiles to Branch Sites
- Configure a Multicast Source at a Branch Site
- Configure Global Multicast Parameters
- Configure a Multicast Static Rendezvous Point (RP)
- Learn Rendezvous Points (RPs) Dynamically
- View LAN Statistics for Multicast
- View WAN Statistics for Multicast
- View IGMP Membership
- View the Multicast Route Table
- View Multicast Flow Statistics
- View Routing Statistics
- Prisma SD-WAN Incident Policies
-
- Prisma SD-WAN Branch HA Key Concepts
- Configure Branch HA
- Configure HA Groups
- Add ION Devices to HA Groups
- View Device Configuration of HA Groups
- Edit HA Groups and Group Membership
-
- Configure Branch HA with Gen-1 Platforms (2000, 3000, 7000, and 9000)
- Configure Branch HA with Gen-2 Platforms (3200, 5200, and 9200)
- Configure Branch HA with Gen-2 Embedded Switch Platforms (1200-S or 3200-L2)
- Configure Branch HA for Devices with Software Cellular Bypass (1200-S-C-5G)
- Configure Branch HA for Platforms without Bypass Pairs
- Prisma SD-WAN Clarity Reports
-
- Native SASE Integration with Prisma SD-WAN
- Connect a Single Prisma SD-WAN Site to Prisma Access
- Connect Multiple Prisma SD-WAN Sites to Prisma Access
- Edit Application Policy Network Rules
- Understand Service and Data Center Groups
- Verify Standard VPN Endpoints
- Configure Standard Groups
- Assign Domains to Sites
- Prisma SD-WAN Incidents and Alerts
Configure Security Prefixes
Learn how to configure local and global security prefixes.
A prefix is a group of one or more individual
IP addresses or IP address subnets. Prefixes are a construct of stacked
policies which help to identify traffic. With security policies,
prefix filters restrict access within a branch and filter out traffic
to specific IP addresses within the particular source and destination
zones. As with application definitions, you can reuse prefix filters
across the rules and policy sets you have created for security policy
rules.
Prefixes can be either global or local in scope.
- Global prefix filters use the same set of prefixes. By applying the global prefix filters defined for custom applications, leverage the security policy application definition.
- Local prefixes are used when specific prefix values change by branch location. Use local prefixes to simplify creation and administration of rules. For example, a subset of IP addresses within a subnet. Use local prefixes to create a single policy across all sites to describe application behavior, eliminating the need to develop individual policies on a per-site basis.
- Configure global security prefixes.
- Select.ManagePoliciesSecuritySecurity Prefixes
- SelectGlobal, and then clickCreate Global Prefix.
- On theAdd Global Prefixscreen, enter a name and description for the prefix.
- Enter an IP and subnet address.IP addresses within a prefix are defined by the subnet. For example, 10.1.1.0/24 defines the entire limit of 255 IP addresses in that subnet.
- SelectNGFWSECURITYin theCreate for policy Type(s)section to create the prefix for security policies.(Optional)You can create a copy of this prefix filter to be used in Path, QoS, and NAT policies respectively by selecting the respective check boxes.
- Configure local security prefixes.
- Select.ManagePoliciesSecuritySecurity Prefixes
- SelectLocal, and then clickCreate Local Prefix.
- On theCreate Local Prefixscreen, enter a name and description for the prefix.
- SelectNGFWSECURITYin theCreate for policy Type(s)section to create the prefix for security policies.(Optional)You can create a copy of this prefix filter to be used in Path, QoS, and NAT policies respectively by selecting the respective check boxes.You must attach a local prefix to a site for the prefix to work.