Prisma SD-WAN supports Virtual Routing and Forwarding (VRFs) for WAN segmentation of application traffic. Network segmentation will help achieve isolation of application traffic for the same customer between different business units or customers who share the same WAN infrastructure by carrying the segment identifier over the WAN overlay.

WAN Segments are first defined in global VRF profiles. These VRF profiles are then bound to sites. After that, interfaces are configured with the appropriate VRF. When traffic enters the interface, it only considers destinations with the same VRF locally or across the fabric. If the traffic is destined to go across the fabric, it gets automatically encapsulated with a unique identifier specific to that VRF. Once the traffic reaches the remote ION, it can egress onto the VRF that is appropriately configured.