Learn how default rule reordering optimizes policy management for existing
rules.
Managing complex internet security policies across Next-Generation Firewalls and
Explicit Proxy deployments traditionally required manual rule sequencing that could
break existing configurations. The Web Access Security policy abstraction framework
resolves this complexity by transforming user intent into the policy language for
enforcement nodes, specifically supporting PAN-OS and Explicit Proxy deployments.
Default rule ordering ensures continuity for your current rules without altering the
user experience.
This framework incrementally enhances existing Web Security workflows. The
change in behavior positions newly created Global Web Access policy rules between Web
Security rules and regular security rules. Global Catch All policy rules are placed
above the intrazone default rules in the post-rules section. This rule ordering
allows you to create new internet security policy rules while preserving existing
rules in your configuration.
This feature provides significant benefits if you're using Prisma Access for
internet security and deploying next-generation firewalls as internet gateways.