https://live.paloaltonetworks.com/t5/prisma-access-discussions/primsa-sase-web-security/m-p/572287#M656 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/153031">@nikoolayy1</a>&nbsp;This is not related to the question. The query is about the Prisma Access Cloud based web policy</P> Tue, 09 Jan 2024 08:49:51 GMT batd2 2024-01-09T08:49:51Z https://live.paloaltonetworks.com/t5/prisma-access-discussions/primsa-sase-web-security/m-p/567064#M629 <P>Hi all&nbsp;</P> <P>&nbsp;</P> <P>I am trying to understand the Prisma Access Cloud Managed Web Security policies. There are options to match on users or services. But how is traffic identified as "Web" if all settings are left to default. And will Web Security policy take precedence over Security Policy configured in the same folder?&nbsp;</P> Sat, 25 Nov 2023 13:45:56 GMT https://live.paloaltonetworks.com/t5/prisma-access-discussions/primsa-sase-web-security/m-p/567064#M629 batd2 2023-11-25T13:45:56Z https://live.paloaltonetworks.com/t5/prisma-access-discussions/primsa-sase-web-security/m-p/569430#M641 <P>No one able to answer?&nbsp;</P> Tue, 12 Dec 2023 09:38:44 GMT https://live.paloaltonetworks.com/t5/prisma-access-discussions/primsa-sase-web-security/m-p/569430#M641 batd2 2023-12-12T09:38:44Z https://live.paloaltonetworks.com/t5/prisma-access-discussions/primsa-sase-web-security/m-p/572171#M654 <P>To get an answer from someone inside Palo Alto better contact your sales manager. From what I can tell it is doing app identification as even If you have not created application override Palo Alto still does basic app identification, so auto matching web-browsing and ssl and app shift when decrypted to web-browsing does not seem complex.</P> <P>&nbsp;</P> <P><A href="https://docs.paloaltonetworks.com/network-security/security-policy/administration/web-security/about-web-security" target="_blank" rel="noopener">https://docs.paloaltonetworks.com/network-security/security-policy/administration/web-security/about-web-security</A></P> <P>&nbsp;</P> <P>&nbsp;</P> <P><A href="https://docs.paloaltonetworks.com/network-security/security-policy/administration/web-security/rule-order-for-web-security-and-security-policy" target="_blank" rel="noopener">https://docs.paloaltonetworks.com/network-security/security-policy/administration/web-security/rule-order-for-web-security-and-security-policy</A></P> <P>&nbsp;</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="nikoolayy1_0-1704745795042.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/56347i52F2560ED91CEB47/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="nikoolayy1_0-1704745795042.png" alt="nikoolayy1_0-1704745795042.png" /></span></P> <P>&nbsp;</P> Mon, 08 Jan 2024 20:39:12 GMT https://live.paloaltonetworks.com/t5/prisma-access-discussions/primsa-sase-web-security/m-p/572171#M654 nikoolayy1 2024-01-08T20:39:12Z https://live.paloaltonetworks.com/t5/prisma-access-discussions/primsa-sase-web-security/m-p/572287#M656 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/153031">@nikoolayy1</a>&nbsp;This is not related to the question. The query is about the Prisma Access Cloud based web policy</P> Tue, 09 Jan 2024 08:49:51 GMT https://live.paloaltonetworks.com/t5/prisma-access-discussions/primsa-sase-web-security/m-p/572287#M656 batd2 2024-01-09T08:49:51Z https://live.paloaltonetworks.com/t5/prisma-access-discussions/primsa-sase-web-security/m-p/572314#M658 <P>Prisma Access in the background uses Palo Alto Firewalls. I think that it is not the virtual edition but some form of container based but still the same code with the same functions and it does not matter if it is not managed by Panorama but in the cloud.</P> Tue, 09 Jan 2024 10:38:07 GMT https://live.paloaltonetworks.com/t5/prisma-access-discussions/primsa-sase-web-security/m-p/572314#M658 nikoolayy1 2024-01-09T10:38:07Z https://live.paloaltonetworks.com/t5/prisma-access-discussions/primsa-sase-web-security/m-p/572576#M664 <P>Also for SAAS App ID Prisma Access and the firewalls use App-ID Cloud Engine (ACE)&nbsp; <A href="https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/app-id/cloud-based-app-id-service" target="_blank">https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/app-id/cloud-based-app-id-service</A> if you are interested in this.</P> Wed, 10 Jan 2024 16:32:11 GMT https://live.paloaltonetworks.com/t5/prisma-access-discussions/primsa-sase-web-security/m-p/572576#M664 nikoolayy1 2024-01-10T16:32:11Z https://live.paloaltonetworks.com/t5/prisma-access-discussions/primsa-sase-web-security/m-p/572592#M665 <P>I am using Prisma Access SASE and have wondered the same thing.&nbsp; The best resource I have found is here:&nbsp;<A href="https://docs.paloaltonetworks.com/network-security/security-policy/administration/web-security/rule-order-for-web-security-and-security-policy" target="_blank">https://docs.paloaltonetworks.com/network-security/security-policy/administration/web-security/rule-order-for-web-security-and-security-policy</A></P> <P>&nbsp;</P> <P>Web Access Policies are applied before Security Policies.&nbsp; I generally prefer security policies for their granularity, but sometimes it's hard to create a security policy that doesn't violate some "best practice", in which case I fall back on Web Access Policies.</P> <P>&nbsp;</P> Wed, 10 Jan 2024 17:46:47 GMT https://live.paloaltonetworks.com/t5/prisma-access-discussions/primsa-sase-web-security/m-p/572592#M665 KeithPartin 2024-01-10T17:46:47Z