Create a Security Policy Set
Table of Contents
Expand all | Collapse all
-
-
- Add a Branch
- Add a Data Center
- Add a Branch Gateway
- Configure Circuits
- Configure Internet Circuit Underlay Link Aggregation
- Configure Private WAN Underlay Link Quality Aggregation
- Configure Circuit Categories
- Configure Device Initiated Connections for Circuits
- Add Public IP LAN Address to Enterprise Prefixes
- Manage Data Center Clusters
- Configure a Site Prefix
- Configure a DHCP Server
- Configure NTP for Prisma SD-WAN
- Configure the ION Device at a Branch Site
- Configure the ION Device at a Data Center
- Switch a Site to Control Mode
- Allow IP Addresses in Firewall Configuration
-
- Configure a Controller Port
- Configure Internet Ports
- Configure WAN/LAN Ports
- Configure a Loopback Interface
- Configure a PoE Port
- Configure and Monitor LLDP Activity and Status
- Configure a PPPoE Interface
- Configure a Layer 3 LAN Interface
- Configure Application Reachability Probes
- Configure a Secondary IP Address
- Configure a Static ARP
- Configure a DHCP Relay
- Configure IP Directed Broadcast
- VPN Keep-Alives
-
- Configure Prisma SD-WAN IPFIX
- Configure IPFIX Profiles and Templates
- Configure and Attach a Collector Context to a Device Interface in IPFIX
- Configure and Attach a Filter Context to a Device Interface in IPFIX
- Configure Global and Local IPFIX Prefixes
- Flow Information Elements
- Options Information Elements
- Configure the DNS Service on the Prisma SD-WAN Interface
- Configure SNMP
-
-
- Prisma SD-WAN Branch Routing
- Prisma SD-WAN Data Center Routing
-
- Configure Multicast
- Create a WAN Multicast Configuration Profile
- Assign WAN Multicast Configuration Profiles to Branch Sites
- Configure a Multicast Source at a Branch Site
- Configure Global Multicast Parameters
- Configure a Multicast Static Rendezvous Point (RP)
- Learn Rendezvous Points (RPs) Dynamically
- View LAN Statistics for Multicast
- View WAN Statistics for Multicast
- View IGMP Membership
- View the Multicast Route Table
- View Multicast Flow Statistics
- View Routing Statistics
- Prisma SD-WAN Incident Policies
-
- Prisma SD-WAN Branch HA Key Concepts
- Configure Branch HA
- Configure HA Groups
- Add ION Devices to HA Groups
- View Device Configuration of HA Groups
- Edit HA Groups and Group Membership
-
- Configure Branch HA with Gen-1 Platforms (2000, 3000, 7000, and 9000)
- Configure Branch HA with Gen-2 Platforms (3200, 5200, and 9200)
- Configure Branch HA with Gen-2 Embedded Switch Platforms (1200-S or 3200-L2)
- Configure Branch HA for Devices with Software Cellular Bypass (1200-S-C-5G)
- Configure Branch HA for Platforms without Bypass Pairs
- Configure Branch HA in a Hybrid Topology with Gen-1 (3000) and Gen-2 (3200) Platforms
- Prisma SD-WAN Incidents and Alerts
Create a Security Policy Set
Prisma SD-WAN allows you to create a security policy
set in the zbfw.
| Where Can I Use This? | What Do I Need? |
|---|---|
|
|
Security policy sets contain security policy
rules that determine application access across zones within an enterprise
local area network (LAN), wide area network (WAN), and virtual private
network (VPN).
Prisma SD-WAN web interface does not automatically
create any default security policy sets. Security policy sets supersede network
policy sets for an enterprise.
Using security policy sets
and security policies rules, you should be able to:
- Manage and secure every interface in a zone independently.
- Provision security policies globally at a data center or locally at a branch.
- Allow or deny application access and traffic flow based on specified source and destination zones and prefix filters.
It
would be best if you explicitly create all of the security policy
sets you want to use.
- Create one or more security policy sets or create new security policy sets by cloning and editing an existing policy set.
- Each security policy set is associated with one or more sites. However, only one security policy set can be active at any given time for each site. Use the same security policy set across sites with differing characteristics, such as different IP ranges, port configurations, port usage, or VLAN IDs.
- Each security policy set has three default security rules created automatically – self-zone, default, and intra-zone.
You
cannot remove a security policy set if any site is using it.
- SelectManagePolicies Security(Original)Create Security Set.Enter the name and (optional) description for the security policy set.Select Create Set to create a security policy set.For Policy Stance, select Optimum, Conservative, or Standard.The policy stance is pre-defined. The security policy set populates automatically with the default policy rules (self-zone, default, and intra-zone) and cannot be edited. You can add as many security policy rules to the created policy set as needed.