Modify and Delete Policy Rules and Sets

In Prisma SD-WAN you can modify and delete the created policy rules or sets.
Where Can I Use This?
  • Prisma SD-WAN
What Do I Need?
  • Active Prisma SD-WAN license
In Prisma SD-WAN, after you create security policy sets and security policy rules, you can edit the sets and rules, if needed. You can edit the name and description for security policy sets, clone an existing security policy set to create a new policy set, or delete a security policy set if not required.

Change Security Rule Order

In Prisma SD-WAN, security policy rules are evaluated in order. If network traffic matches the first rule in a policy set, that rule is applied and access is allowed, denied, or rejected. If traffic passing from the source zone to the destination zone doesn’t match the first rule, it is evaluated against the next rule in the policy set, and so on, until a matching rule is applied.
You can change the order in which the security policy rules are evaluated by specifying a numerical order value or by dragging and dropping the rule definition to a new location in the graphical representation of the security policy set. For example, to make the second rule in a policy the first rule checked, change its position in the policy set.
  1. Select Manage > Policies > Security (Original) and select a security policy set.
  2. Select a policy rule block, drag it to a new position, and Save Ranking.
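
The effect of rule order described above, as an added example (not Palo Alto Networks code and not the Prisma SD-WAN API): a simplified first-match model that evaluates a constructed policy set, flags rules that can never be reached because an earlier rule matches the same traffic, and shows the result after moving a rule to position 1. The Rule fields (including the app field), the "any" wildcard, and all rule and zone names are assumptions made for the illustration.

```python
from dataclasses import dataclass

ANY = "any"  # wildcard value; an assumption of this simplified model

@dataclass(frozen=True)
class Rule:
    name: str
    src_zone: str
    dst_zone: str
    app: str     # hypothetical extra match field
    action: str  # "allow", "deny" or "reject"

def matches(rule, src, dst, app):
    pairs = ((rule.src_zone, src), (rule.dst_zone, dst), (rule.app, app))
    return all(field in (ANY, value) for field, value in pairs)

def evaluate(rules, src, dst, app):
    """Top-down evaluation: the first matching rule decides the action."""
    for r in rules:
        if matches(r, src, dst, app):
            return r.name, r.action
    return None, None  # no match; default handling is outside this model

def shadowed(rules):
    """(later, earlier) pairs where earlier matches everything later does."""
    out = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if matches(earlier, later.src_zone, later.dst_zone, later.app):
                out.append((later.name, earlier.name))
                break
    return out

def move(rules, name, position):
    """Return a copy with the named rule moved to a 1-based position."""
    rule = next(r for r in rules if r.name == name)
    rest = [r for r in rules if r.name != name]
    return rest[:position - 1] + [rule] + rest[position - 1:]

# Constructed sample policy set, not taken from a real deployment.
POLICY = [
    Rule("allow-guest-out", "guest", "internet", ANY, "allow"),
    Rule("deny-guest-ssh", "guest", "internet", "ssh", "deny"),
    Rule("allow-lan-out", "lan", "internet", ANY, "allow"),
]
REORDERED = move(POLICY, "deny-guest-ssh", 1)
if __name__ == "__main__":
    for label, rules in (("original", POLICY), ("reordered", REORDERED)):
        print(label, evaluate(rules, "guest", "internet", "ssh"), shadowed(rules))
```

In the original order the deny rule is never reached, so guest SSH traffic is allowed; after the move the same traffic is denied and no rule is shadowed.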

Manage Existing Security Policy Rules

In Prisma SD-WAN, you can modify, disable, monitor, delete, or view change history for any security policy rule in a set.
  1. Select Manage > Policies > Security (Original) and select a security policy set.
  2. Select a security policy rule to display the available operations in a toolbar, and select the icon for the task you want to perform.

Edit a Security Policy Set

In Prisma SD-WAN, if you want to modify the name or description for a security policy set without changing any of its security policy rules, you can edit the policy set.
  1. Select Manage > Policies > Security (Original) and select a security policy set.
  2. Click the ellipsis menu next to the policy set name, select Edit Name & Description, enter a new name and description for the security policy set, and Save.

Clone a Security Policy Set

In Prisma SD-WAN, if you want to use an existing security policy set as a template and then modify its security policy rules and site binding, you can clone the policy set.
  1. Select Manage > Policies > Security (Original) and select a security policy set.
  2. Click the ellipsis menu next to the policy set name, and select Clone Set.
  3. Enter a new name for the cloned security policy set, and Clone Set.
  4. Return to the list of security policies, select the cloned policy set, and Edit, disable, or delete the set's cloned security policy rules.

Delete a Security Policy Set

In Prisma SD-WAN, if you want to remove a security policy set and all of its security policy rules, you must first remove any site binding. When the security policy set is no longer bound to or used by any site, you can delete it.
  1. Select Manage > Policies > Security (Original) and select a security policy set.
  2. Click the ellipsis menu next to the policy set name, and select Delete Set.
    If no site is using the policy set, you can confirm that you want to delete the set by clicking OK.