Edit Application Policy Network Rules
Table of Contents
Expand all | Collapse all
-
-
- Add a Branch
- Add a Data Center
- Add a Branch Gateway
- Configure Circuits
- Configure Internet Circuit Underlay Link Aggregation
- Configure Private WAN Underlay Link Quality Aggregation
- Configure Circuit Categories
- Configure Device Initiated Connections for Circuits
- Add Public IP LAN Address to Enterprise Prefixes
- Manage Data Center Clusters
- Configure a Site Prefix
- Configure a DHCP Server
- Configure NTP for Prisma SD-WAN
- Configure the ION Device at a Branch Site
- Configure the ION Device at a Data Center
- Switch a Site to Control Mode
- Allow IP Addresses in Firewall Configuration
-
- Configure a Controller Port
- Configure Internet Ports
- Configure WAN/LAN Ports
- Configure a Loopback Interface
- Configure a PoE Port
- Configure and Monitor LLDP Activity and Status
- Configure a PPPoE Interface
- Configure a Layer 3 LAN Interface
- Configure Application Reachability Probes
- Configure a Secondary IP Address
- Configure a Static ARP
- Configure a DHCP Relay
- Configure IP Directed Broadcast
- VPN Keep-Alives
-
- Configure Prisma SD-WAN IPFIX
- Configure IPFIX Profiles and Templates
- Configure and Attach a Collector Context to a Device Interface in IPFIX
- Configure and Attach a Filter Context to a Device Interface in IPFIX
- Configure Global and Local IPFIX Prefixes
- Flow Information Elements
- Options Information Elements
- Configure the DNS Service on the Prisma SD-WAN Interface
- Configure SNMP
-
-
- Prisma SD-WAN Branch Routing
- Prisma SD-WAN Data Center Routing
-
- Configure Multicast
- Create a WAN Multicast Configuration Profile
- Assign WAN Multicast Configuration Profiles to Branch Sites
- Configure a Multicast Source at a Branch Site
- Configure Global Multicast Parameters
- Configure a Multicast Static Rendezvous Point (RP)
- Learn Rendezvous Points (RPs) Dynamically
- View LAN Statistics for Multicast
- View WAN Statistics for Multicast
- View IGMP Membership
- View the Multicast Route Table
- View Multicast Flow Statistics
- View Routing Statistics
- Prisma SD-WAN Incident Policies
-
- Prisma SD-WAN Branch HA Key Concepts
- Configure Branch HA
- Configure HA Groups
- Add ION Devices to HA Groups
- View Device Configuration of HA Groups
- Edit HA Groups and Group Membership
-
- Configure Branch HA with Gen-1 Platforms (2000, 3000, 7000, and 9000)
- Configure Branch HA with Gen-2 Platforms (3200, 5200, and 9200)
- Configure Branch HA with Gen-2 Embedded Switch Platforms (1200-S or 3200-L2)
- Configure Branch HA for Devices with Software Cellular Bypass (1200-S-C-5G)
- Configure Branch HA for Platforms without Bypass Pairs
- Configure Branch HA in a Hybrid Topology with Gen-1 (3000) and Gen-2 (3200) Platforms
- Prisma SD-WAN Incidents and Alerts
Edit Application Policy Network Rules
Learn how to edit the application policy network rules in the native SASE integration for
Prisma SD-WAN.
| Where Can I Use This? | What Do I Need? |
|---|---|
|
|
When the IPSec tunnels are active from the Prisma SD-WAN sites to the Prisma Access regions, the
next step is to modify policies to send traffic down these tunnels. To begin this
process, we must modify Service and Data center groups and configure these groups in
policy.
When making policy configurations, remember that
the ION devices makes intelligent per-app selections using the network
policies to chain multiple different path options together in Active-Active
and Active-Backup modes.
Example:
- Application A: Take Standard VPN direct to Prisma Access.
- Application B: Take Standard VPN direct to Prisma Access, Backup to Direct Internet.
- Application C: Use only Direct Internet.
The Prisma SD-WAN secure Application Fabric (AppFabric) enables granular controls for virtually
unlimited number of policy permutations down to the sub-application level. Here are
some of the most common examples of how a traffic policy can be configured
per-application:
- Send all internet-bound traffic from a set of branches to Prisma Access. (Blanket Suspect list)
- Send all internet traffic direct to the internet except for certain applications needing additional inspection or security. (Suspect list—Safelist)
- Send all internet-bound traffic from a set of branches to Prisma Access except for specific known applications. (Suspect list—Safelist)
In
order to modify application policy, the following steps should be
performed. They are detailed in the following sections: