Edit Application Policy Network Rules
Learn how to modify policies to send traffic down the tunnels in Service and Data
Center groups and configure these groups in the policy.
Where Can I Use This?
- Prisma Access CloudBlade (Panorama Managed)
- Prisma Access CloudBlade (Cloud Managed)

What Do I Need?
- Prisma SD-WAN License.
- Prisma Access for Networks Subscription.
- Supported Cloud plugin Versions.
- Prisma Access CloudBlade (Cloud Managed) version 3.x.x and later.
- Prisma Access CloudBlade (Panorama Managed) versions 3.x.x and 4.x.x.

When the IPsec tunnels are active from the site to the Prisma Access regions, the
next step is to modify policies to send traffic down these tunnels. To begin this
process, we must modify the Service and Data Center groups and
configure these groups in the policy.
When making policy configurations, remember that ION devices make intelligent
per-app selections, using the network policies to chain multiple different path options
together in Active-Active and Active-Backup modes.
Example:
- Application A: Take Standard VPN direct to Prisma Access.
- Application B: Take Standard VPN direct to Prisma Access, Backup to Direct
internet.
- Application C: Use only Direct internet.
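
The three example rules above, modelled in Python as an added example (not Prisma SD-WAN code or its API; the `Rule` class, the path labels and the function names are hypothetical). It shows which paths each application may use when the tunnel is up or down, and flags applications that need inspection but would leave via direct internet.

```python
# Hypothetical model of per-application path policy; not the Prisma SD-WAN API.
from dataclasses import dataclass

PRISMA_VPN = "standard-vpn-to-prisma-access"  # label constructed for this example
DIRECT = "direct-internet"                    # label constructed for this example


@dataclass(frozen=True)
class Rule:
    app: str
    active: tuple        # paths used while at least one of them is up
    backup: tuple = ()   # consulted only when every active path is down


# The three rules from the example list.
RULES = [
    Rule("Application A", active=(PRISMA_VPN,)),
    Rule("Application B", active=(PRISMA_VPN,), backup=(DIRECT,)),
    Rule("Application C", active=(DIRECT,)),
]


def select_paths(rule, up):
    """Return the paths a flow may use, given the set of paths currently up."""
    active = [p for p in rule.active if p in up]
    if active:
        return active
    # In this model an empty result means the rule permits no path at all.
    return [p for p in rule.backup if p in up]


def uninspected_egress(rules, up, must_inspect):
    """Apps listed in must_inspect that would currently use direct internet."""
    return sorted(r.app for r in rules
                  if r.app in must_inspect and DIRECT in select_paths(r, up))


if __name__ == "__main__":
    inspect = {"Application A", "Application B"}  # assumption for the demo
    for label, up in (("tunnel up", {PRISMA_VPN, DIRECT}),
                      ("tunnel down", {DIRECT})):
        print(label)
        for rule in RULES:
            print(f"  {rule.app}: {select_paths(rule, up) or 'no permitted path'}")
        print("  uninspected:", uninspected_egress(RULES, up, inspect))
```

With the tunnel down, Application A has no permitted path in this model while Application B falls back to direct internet, which is the trade-off to weigh when adding a backup path to an application that needs inspection.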
The Prisma SD-WAN secure Application Fabric (AppFabric) enables granular
controls for a virtually unlimited number of policy permutations down to the
sub-application level. Here are some of the most common examples of how a traffic policy
can be configured per-application:
- Send all internet-bound traffic from a set of branches to Prisma Access.
(Blanket Suspect list)
- Send all internet traffic direct to the internet except for certain applications
needing additional inspection or security. (Suspect list - Safelist)
- Send all internet-bound traffic from a set of branches to Prisma Access except
for specific known applications. (Suspect list - Safelist)