https://live.paloaltonetworks.com/t5/strata-cloud-manager/global-zones-rules/m-p/1256696#M149 <P>Thanks&nbsp; - I've had a look at this and it appears this is for Prisma access?</P> <P>&nbsp;</P> <P>We are currently focusing on device level, rather than user level protections to segment high risk area of our network off or area that are critical and need extra protection.</P> <P>&nbsp;</P> <P>For example we have a rule to allow access to Microsoft Defender for Endpoint or the SIEM system that we want to be able to apply to multiple segmented area of the network, each segment is current in its own zone, with some of the zones been defined at a subfolder level.</P> <P>&nbsp;</P> <P>From what I can see the best fix would be to define the zones at the root level so they can be used in root level config.</P> <P>&nbsp;</P> <P>As we don't have Prisma it does not look like we can use the trust/untrusted functionality, nor does it appear to be in any of the mneus</P> Thu, 18 Jun 2026 11:09:11 GMT R.Naylor 2026-06-18T11:09:11Z https://live.paloaltonetworks.com/t5/strata-cloud-manager/global-zones-rules/m-p/1256390#M146 <P>We want to create some standards rules that will apply to most zones - It looks like the only way to do this is to define all zones that needs these rules at a global level.&nbsp;&nbsp;</P> <P>&nbsp;</P> <P>Looks like maybe tagging could be used&nbsp; as an alternative to allow zones to be defined at a folder level, but this seems overly complex</P> Mon, 15 Jun 2026 22:50:52 GMT https://live.paloaltonetworks.com/t5/strata-cloud-manager/global-zones-rules/m-p/1256390#M146 R.Naylor 2026-06-15T22:50:52Z https://live.paloaltonetworks.com/t5/strata-cloud-manager/global-zones-rules/m-p/1256498#M148 <P>have you tried using Zone Mapping (from the Overview &gt; Inherited Zones)</P> <P>&nbsp;</P> <P>you can add all your internal zones to the Trust zone so you can make a rule that allows trust to anywhere which will include all your zones</P> Tue, 16 Jun 2026 13:40:31 GMT https://live.paloaltonetworks.com/t5/strata-cloud-manager/global-zones-rules/m-p/1256498#M148 reaper 2026-06-16T13:40:31Z https://live.paloaltonetworks.com/t5/strata-cloud-manager/global-zones-rules/m-p/1256696#M149 <P>Thanks&nbsp; - I've had a look at this and it appears this is for Prisma access?</P> <P>&nbsp;</P> <P>We are currently focusing on device level, rather than user level protections to segment high risk area of our network off or area that are critical and need extra protection.</P> <P>&nbsp;</P> <P>For example we have a rule to allow access to Microsoft Defender for Endpoint or the SIEM system that we want to be able to apply to multiple segmented area of the network, each segment is current in its own zone, with some of the zones been defined at a subfolder level.</P> <P>&nbsp;</P> <P>From what I can see the best fix would be to define the zones at the root level so they can be used in root level config.</P> <P>&nbsp;</P> <P>As we don't have Prisma it does not look like we can use the trust/untrusted functionality, nor does it appear to be in any of the mneus</P> Thu, 18 Jun 2026 11:09:11 GMT https://live.paloaltonetworks.com/t5/strata-cloud-manager/global-zones-rules/m-p/1256696#M149 R.Naylor 2026-06-18T11:09:11Z