Configure Security Prefixes
Learn how to configure local and global security prefixes.
A prefix is a group of one or more individual
IP addresses or IP address subnets. Prefixes are a construct of stacked
policies which help to identify traffic. With security policies,
prefix filters restrict access within a branch and filter out traffic
to specific IP addresses within the particular source and destination
zones. As with application definitions, you can reuse prefix filters
across the rules and policy sets you have created for security policy
rules.
Prefixes can be either global or local in scope.
- Global prefix filters use the same set of prefixes. Apply the global prefix filters defined for custom applications to leverage the security policy application definition.
- Local prefixes are used when specific prefix values change by branch location. Use local prefixes to simplify creation and administration of rules, for example for a subset of IP addresses within a subnet. Use local prefixes to create a single policy across all sites to describe application behavior, eliminating the need to develop individual policies on a per-site basis.
- Configure global security prefixes.
  - Select Manage > Policies > Security > Security Prefixes.
  - Select Global, and then click Create Global Prefix.
  - On the Add Global Prefix screen, enter a name and description for the prefix.
  - Enter an IP and subnet address. IP addresses within a prefix are defined by the subnet. For example, 10.1.1.0/24 defines the entire limit of 255 IP addresses in that subnet.
  - Select NGFWSECURITY in the Create for policy Type(s) section to create the prefix for security policies.
  - (Optional) You can create a copy of this prefix filter to be used in Path, QoS, and NAT policies respectively by selecting the respective check boxes.
- Configure local security prefixes.
  - Select Manage > Policies > Security > Security Prefixes.
  - Select Local, and then click Create Local Prefix.
  - On the Create Local Prefix screen, enter a name and description for the prefix.
  - Select NGFWSECURITY in the Create for policy Type(s) section to create the prefix for security policies.
  - (Optional) You can create a copy of this prefix filter to be used in Path, QoS, and NAT policies respectively by selecting the respective check boxes.
  - You must attach a local prefix to a site for the prefix to work.
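The global and local scoping described on this page, as an added example that is not Palo Alto Networks code and calls no Prisma SD-WAN API: a small Python model that resolves a prefix name to its subnets per site and lists local prefixes that were never attached to a site. The prefix names, site names and subnets are constructed, and treating an unattached local prefix as matching no traffic is an assumption of the model.

```python
import ipaddress

# Constructed sample data; names, sites and subnets are illustrative only.
GLOBAL_PREFIXES = {"corp-dns": ["10.1.1.0/24"]}

# A local prefix has one name but per-site values. Assumption of this model:
# at a site with no attachment, the prefix resolves to nothing.
LOCAL_PREFIXES = {
    "pos-terminals": {
        "branch-a": ["10.20.5.0/28"],
        "branch-b": ["10.30.5.0/28"],
    },
    "guest-wifi": {},  # created but never attached to a site
}


def parse_prefix(text):
    """Parse an IP/subnet entry; raises ValueError if host bits are set."""
    return ipaddress.ip_network(text, strict=True)


def resolve(name, site):
    """Return the networks a prefix filter stands for at the given site."""
    if name in GLOBAL_PREFIXES:
        entries = GLOBAL_PREFIXES[name]               # one set for all sites
    else:
        entries = LOCAL_PREFIXES[name].get(site, [])  # values vary by site
    return [parse_prefix(entry) for entry in entries]


def matches(name, site, address):
    """True if the address falls inside the prefix filter at that site."""
    ip = ipaddress.ip_address(address)
    return any(ip in net for net in resolve(name, site))


def unattached_local_prefixes():
    """Local prefixes with no site attachment (they match nothing here)."""
    return sorted(n for n, sites in LOCAL_PREFIXES.items() if not sites)


if __name__ == "__main__":
    # The same rule, referencing one local prefix name, evaluated at two sites.
    for site in ("branch-a", "branch-b"):
        print(site, matches("pos-terminals", site, "10.20.5.9"))
    print("unattached:", unattached_local_prefixes())
```

Running an audit like `unattached_local_prefixes()` over an exported configuration catches rules that look restrictive on paper but reference a prefix with no values at a given branch.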