Create Security Policy Rules

Prisma SD-WAN allows you to create security policy rules for the zone-based firewall (ZBFW).
Where Can I Use This?
  • Prisma SD-WAN
What Do I Need?
  • Active Prisma SD-WAN license
Each security policy set is a collection of security policy rules. The default security policy rules automatically assigned to a security policy set cannot be changed, removed, or deleted. You can create custom security policy rules to take precedence over the default security policy rules.
Configure the general permit-any or deny-any rules first, then add more specific access and deny rules and list them at a higher priority so that they are evaluated before the broader rules.
  1. Select Manage > Policies > Security (Original). Select a security policy set and then click Add Policy Rule.
  2. Type a rule name and, optionally, a description. Select the source zones and source filters to which this rule applies, and then click Next.
    Source zones specify where traffic originates. Source filters specify IP addresses that further refine the source zone traffic to which the rule applies.
    1. Select Any to apply this rule to all listed source zones and filters.
    2. De-select Any to select one or more specific source zones and source filters.
  3. Select the destination zones and destination filters to which this rule applies, then click Next.
    Destination zones specify where traffic is destined. Destination filters specify IP addresses that further refine the destination zone traffic to which the rule applies. You can select more than one filter to apply to the traffic.
    1. Select Any to apply this rule to all listed destination zones and filters.
    2. De-select Any to select one or more specific destination zones and destination filters.
  4. Select Any to apply the rule to all listed applications, or de-select Any to select one or more specific applications for this rule, then click Next.
    If you de-select Any, you can search for a specific application, filter using Categories, or sort by application name or modified date.
  5. Select the action to take for traffic matching this rule, then click Next.
    Actions determine how traffic from the specified source zone to the specified destination zone is handled.
    1. Select Deny to deny traffic between the specified zones and filters.
    2. Select Reject to reject traffic between the specified zones and filters.
    3. Select Allow to allow traffic that matches the rule to be forwarded.
  6. Review the security rule summary and select Create & Exit to add the new security policy rule to its security policy set.
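
The rule-ordering advice above, as an added Python example (not Palo Alto Networks code and not the Prisma SD-WAN API): a simplified first-match model of a rule list that reports when a broader rule listed above a more specific one prevents the specific rule from ever being evaluated. The zone names, prefixes, application names, and the implicit default deny are assumptions made for the illustration.

```python
# Added example: simplified first-match model, not Prisma SD-WAN's engine or API.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANY = "any"

@dataclass(frozen=True)
class Rule:
    name: str
    src_zone: str = ANY
    src_filter: str = "0.0.0.0/0"   # source IP prefix filter
    dst_zone: str = ANY
    dst_filter: str = "0.0.0.0/0"   # destination IP prefix filter
    app: str = ANY
    action: str = "deny"            # allow | deny | reject

def _field_covers(broad, narrow):
    return broad == ANY or broad == narrow

def _net_covers(broad, narrow):
    return ip_network(narrow).subnet_of(ip_network(broad))

def covers(broad: Rule, narrow: Rule) -> bool:
    """True when every flow matching `narrow` also matches `broad`."""
    return (_field_covers(broad.src_zone, narrow.src_zone)
            and _field_covers(broad.dst_zone, narrow.dst_zone)
            and _field_covers(broad.app, narrow.app)
            and _net_covers(broad.src_filter, narrow.src_filter)
            and _net_covers(broad.dst_filter, narrow.dst_filter))

def evaluate(rules, src_zone, src_ip, dst_zone, dst_ip, app):
    """Return (rule name, action) of the first rule in list order that matches."""
    for r in rules:
        if (r.src_zone in (ANY, src_zone) and r.dst_zone in (ANY, dst_zone)
                and r.app in (ANY, app)
                and ip_address(src_ip) in ip_network(r.src_filter)
                and ip_address(dst_ip) in ip_network(r.dst_filter)):
            return r.name, r.action
    return "implicit-default", "deny"  # assumed fallback for this model

def shadowed(rules):
    """List (earlier, later) pairs where the later rule can never be evaluated."""
    return [(a.name, b.name) for i, b in enumerate(rules)
            for a in rules[:i] if covers(a, b)]

# Constructed sample policy sets (zone names, prefixes and apps are made up).
SPECIFIC = Rule("allow-guest-dns", "guest", "10.20.0.0/16", "internet",
                "0.0.0.0/0", "dns", "allow")
BROAD = Rule("deny-guest-any", src_zone="guest", action="deny")
GOOD_ORDER = [SPECIFIC, BROAD]
BAD_ORDER = [BROAD, SPECIFIC]
```

Running `shadowed()` over an exported rule list before committing a change is a quick review check: any pair it returns means the later rule has no effect in that order.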