Prisma SD-WAN supports Virtual Routing and Forwarding (VRF) to provide secure WAN segmentation of application traffic. This capability is valuable when you need to isolate traffic for different business units or customers who share the same WAN infrastructure.

To configure segmentation, you must first define WAN Segments in global VRF profiles.

You then bind these VRF profiles to sites and configure interfaces with the appropriate VRF. When traffic enters the interface, it only considers destinations that have the same VRF locally or across the fabric. If the traffic is destined to go across the fabric, the Prisma SD-WAN device automatically encapsulates the traffic with a unique VRF-specific identifier. When the traffic reaches the remote ION, it egresses onto the configured VRF.