https://live.paloaltonetworks.com/t5/prisma-access-discussions/zones-in-remote-networks/m-p/511564#M390 <P>Hi,</P> <P>&nbsp;</P> <P>we are onboarding the first remote network sites and we tried to map the preexisting zones from our shared internet-policies to the trust and untrust zones.</P> <P>But inside the traffic logs, we can see, that traffic from the remote networks are coming from a zone, with the name of the remote network.</P> <P>I would have guest, that these are all in the "trust" zone.</P> <P>&nbsp;</P> <P>Now the big question is, how to fix that, so we can use our preexisting global internet access policies?</P> <P>&nbsp;</P> <P>Best Regards</P> <P>Johannes</P> Thu, 11 Aug 2022 13:28:30 GMT jo.schoensa 2022-08-11T13:28:30Z https://live.paloaltonetworks.com/t5/prisma-access-discussions/zones-in-remote-networks/m-p/511564#M390 <P>Hi,</P> <P>&nbsp;</P> <P>we are onboarding the first remote network sites and we tried to map the preexisting zones from our shared internet-policies to the trust and untrust zones.</P> <P>But inside the traffic logs, we can see, that traffic from the remote networks are coming from a zone, with the name of the remote network.</P> <P>I would have guest, that these are all in the "trust" zone.</P> <P>&nbsp;</P> <P>Now the big question is, how to fix that, so we can use our preexisting global internet access policies?</P> <P>&nbsp;</P> <P>Best Regards</P> <P>Johannes</P> Thu, 11 Aug 2022 13:28:30 GMT https://live.paloaltonetworks.com/t5/prisma-access-discussions/zones-in-remote-networks/m-p/511564#M390 jo.schoensa 2022-08-11T13:28:30Z https://live.paloaltonetworks.com/t5/prisma-access-discussions/zones-in-remote-networks/m-p/511835#M394 <P>Better check your zone mapping to be certain. Also the link below has something that could be helpfull.</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>-----</P> <P>&nbsp;</P> <DIV class=""> <DIV style="display: inline;">When creating zones, do not use any of the following names for the zones, because these are names used for internal zones: <P>&nbsp;</P> <DIV style="display: inline;"> <UL> <LI class=""> <DIV style="display: inline;"> <DIV class=""> <DIV style="display: inline;">trust</DIV> </DIV> </DIV> </LI> <LI class=""> <DIV style="display: inline;"> <DIV class=""> <DIV style="display: inline;">untrust</DIV> </DIV> </DIV> </LI> <LI class=""> <DIV style="display: inline;"> <DIV class=""> <DIV style="display: inline;">inter-fw</DIV> </DIV> </DIV> </LI> <LI class=""> <DIV style="display: inline;"> <DIV class=""> <DIV style="display: inline;">Any name you use for the remote networks (remote network names are used as the source zone in Cortex Data Lake logs) <P>Prisma Access logs that display a zone of inter-fw are logs used for communication within the Prisma Access infrastructure.</P> <P>&nbsp;</P> <P>--------</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P><A href="https://docs.paloaltonetworks.com/prisma/prisma-access/prisma-access-panorama-admin/prisma-access-overview/zone-mapping" target="_blank" rel="noopener">https://docs.paloaltonetworks.com/prisma/prisma-access/prisma-access-panorama-admin/prisma-access-overview/zone-mapping</A></P> <P><LI-WRAPPER></LI-WRAPPER></P> </DIV> </DIV> </DIV> </LI> </UL> </DIV> </DIV> </DIV> Mon, 15 Aug 2022 11:40:46 GMT https://live.paloaltonetworks.com/t5/prisma-access-discussions/zones-in-remote-networks/m-p/511835#M394 nikoolayy1 2022-08-15T11:40:46Z