Bind Zones to Devices

The Prisma SD-WAN zone-based firewall (ZBFW) allows you to bind zones to devices.
Where Can I Use This?
  • Prisma SD-WAN
What Do I Need?
  • Active Prisma SD-WAN license
Bind zones to logical Layer 3 interfaces on a device and specify separate bindings for standard VPNs. Zones can be bound to the following interfaces:
WAN interface types with attached WAN circuit labels:
  • Layer 3 stand-alone interfaces
  • Layer 3 sub-interfaces
  • Layer 3 PPPoE interfaces
  • Layer 3 bypass pair, where the WAN member interface is available for zone binding
  • Layer 2 bypass pair, where the WAN member interface is single for zone binding
  • Loopback bypass pairs
Layer 3 interfaces and bypass pairs without a WAN circuit label:
  • Stand-alone Layer 3, where Used_for is LAN
  • Layer 3 bypass pair, where Used_for is LAN, and the LAN member interface is available for zone binding
  • Sub-interface Layer 3, where Used_for is LAN
  • Stand-alone, non-parent interface, where Used_for is NONE
  • Standard tunnel interface
  • Loopback bypass pairs
Zones cannot be bound to the following types of interfaces:
  • Controller interfaces
  • LAN member interfaces of Layer 2 bypass pairs
  • Parent interfaces of sub-interfaces and PPPoE interfaces
If a site has both site-level bindings and device-level bindings, the resulting configuration is the union of the two. In the event of a conflict between site-level bindings and device-level bindings, device-level bindings take precedence.
  1. Click Map.
    Perform one of the following to search or select a site to display its configuration details.
    1. Type a site name or address in the search field.
    2. Click the right-facing arrow to display a list of existing sites.
  2. Select Options > Security Zone Binding and then, on the appropriate tab, click Bind Zone.
    Bind zones to devices from the Devices tab (zone bindings on devices override zone bindings on the site).
  3. Choose the zone name from the list of zones and click Select.
  4. Choose the zone network bindings for the zone and click Save.
    All VPNs are bound to a single zone. Verify that the networks you select for zone bindings are attached to an interface. A zone can be bound to multiple networks, including LANs, WANs, or VPNs. However, each network is attached to only one zone.
    Bind the zone to networks for a site when editing a policy set by selecting the security policy set. All VPNs are bound to a single zone and indicated as a single VPN in the Name column on the Zone Network Bindings for Zone screen. Once you have bound the zones to a site and an interface, create Security Policy Sets and Security Policy Rules for your traffic.
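
The following added example (not Prisma SD-WAN code and not its API) models the rules above as a pre-change check: it unions site-level and device-level bindings with device-level precedence, enforces one zone per network, and rejects networks that are unattached or sit on an interface type that cannot be bound. The function names, interface type strings, and sample data are assumptions made for illustration.

```python
# Added illustration: type names and data shapes are assumptions, not Prisma SD-WAN API values.
UNBINDABLE = {"controller", "l2_bypass_lan_member", "parent"}  # the three excluded kinds

def invert(level, bindings, errors):
    """Turn {zone: [networks]} into {network: zone}; a network may sit in only one zone."""
    net_to_zone = {}
    for zone, networks in bindings.items():
        for net in networks:
            if net_to_zone.setdefault(net, zone) != zone:
                errors.append(f"{level}: {net} is bound to both {net_to_zone[net]} and {zone}")
    return net_to_zone

def effective_bindings(site, device, iface_types):
    """Union site and device bindings; on conflict the device-level zone wins."""
    errors, overrides = [], []
    site_map = invert("site", site, errors)
    merged = dict(site_map)
    for net, zone in invert("device", device, errors).items():
        if site_map.get(net, zone) != zone:
            overrides.append((net, site_map[net], zone))  # (network, site zone, device zone)
        merged[net] = zone
    for net in sorted(merged):  # sorted() copies the keys, so deleting below is safe
        kind = iface_types.get(net)
        if kind is None:
            errors.append(f"{net}: not attached to an interface")
        elif kind in UNBINDABLE:
            errors.append(f"{net}: {kind} interface cannot be bound to a zone")
        else:
            continue
        del merged[net]  # keep only bindings that would be valid
    return merged, overrides, errors

# Constructed sample data for one site and one of its devices.
SITE = {"trusted": ["lan-users", "lan-guest"], "untrusted": ["wan-internet"], "vpn-zone": ["vpn"]}
DEVICE = {"guest": ["lan-guest"], "mgmt": ["ctrl-1"]}
IFACE_TYPES = {"lan-users": "l3_standalone", "lan-guest": "l3_subinterface",
               "wan-internet": "l3_pppoe", "vpn": "standard_tunnel", "ctrl-1": "controller"}

if __name__ == "__main__":
    merged, overrides, errors = effective_bindings(SITE, DEVICE, IFACE_TYPES)
    for net, zone in sorted(merged.items()):
        print(f"{net:14} -> {zone}")
    for net, old, new in overrides:
        print(f"override: {net} moved from site zone {old} to device zone {new}")
    for err in errors:
        print(f"rejected: {err}")
```

Reviewing the override list before saving shows which networks leave the zone that the site-level policy author expected them to be in.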