This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
What’s this security policy ‘type’ thing anyway?
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- Blogs
- What’s this security policy ‘type’ thing anyway?
reaper
Cyber Elite
Options
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Printer Friendly Page
02-21-2017
06:36 AM
Migrating security platforms can be a Herculean task, especially when moving from a non-zone based system and needing to build a security policy up from scratch. Soon enough, you might start to look like this guy:
When creating a security policy, there's a dropdown called 'Rule Type' available that can considerably change the dynamic of how security policies work for you, if applied appropriately!
The difference in behavior introduced by this seemingly simple 'type' is pretty significant, as it changes a policy from a traditional any object in the source field to any object in the destination field to an exclusive operator.
An 'intrazone' type policy will only allow (or block) sessions inside the same zone, this can be very useful when the firewall is set up in Layer 2 mode and is bridging VLANs from one switch stack to the other where each VLAN is represented by a zone.
An 'interzone' type policy is the exact opposite, it will only allow sessions from one zone to a different zone, even if the same zone is listed in the destination field, which is useful when a lot of bidirectional policies need to be set up without inadvertently allowing or blocking sessions inside a zone.
Another cool resource to help you tighten up security with a few nifty tricks, please check out this article: Optimize Your Security Policy
Reaper out
Labels:
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
About the Author
I drink and I know things
Labels
-
10.0
1 -
10.1
1 -
10.2
2 -
2 factor authentication
1 -
2020
1 -
2fa
1 -
3.0
1 -
30DaysCloud
5 -
5G
9 -
7000
2 -
7000 series
1 -
9.0
1 -
ACC
2 -
addressgroups
1 -
ADEM
1 -
admin
1 -
admin roles
2 -
administration
10 -
Administrator Profile
1 -
Adobe Acrobat
1 -
AdTacking
1 -
Advanced Threat Mitigation
1 -
Advanced Threat Protection
1 -
Advanced URL Filtering
6 -
Agent
1 -
Agentless
1 -
agentless user id
1 -
AIOps
9 -
AIOps for NGFW
4 -
AIOps NGFW
6 -
ALERTS
1 -
Alibaba
1 -
Alibaba Cloud
3 -
AMA
7 -
Analytics
3 -
Announcement
3 -
Aperture
3 -
API
6 -
API Security
1 -
App-ID
14 -
App-Portal
1 -
application
1 -
Application Framework
4 -
Application Override
1 -
applications
2 -
apps
1 -
Apps Threats Content Update
1 -
Ask Me Anything
3 -
Asset Detail View
1 -
Asset inventory
1 -
ATP
1 -
Attack Surface Management
1 -
Authentication
2 -
Authentication Sequence
1 -
autofocus
10 -
autofocus threat
1 -
Automation
1 -
Autonomous
2 -
Autonomous DEM
3 -
Autonomous Digital Experience Management
2 -
AWS
20 -
Azure
16 -
Basic Configuration
1 -
Beacon
11 -
Best Practice
2 -
Best Practice Assessment
4 -
Best Practices
6 -
blog
6 -
Books
1 -
BPA
7 -
BPAPlus
1 -
Bridgecrew
2 -
Build
1 -
Canon
1 -
CASB
1 -
Case Creation
4 -
case management
1 -
Cases
1 -
categories
3 -
CBDR
1 -
CDSS
5 -
certificate
1 -
certificates
1 -
Certification
2 -
Certifications
3 -
Certifications & Exams
3 -
Checkov
2 -
cicd
1 -
Cisco ACI
2 -
CLI
2 -
CLI Command
2 -
CLI Reference Guide
1 -
Cloud
50 -
cloud code security
3 -
Cloud Identity Engine
5 -
cloud managed prisma access
2 -
Cloud NGFW
4 -
Cloud NGFW for AWS
7 -
Cloud NGFW for Azure
2 -
Cloud Security
12 -
cloud service
3 -
Cloud Services Portal
3 -
CloudBlade
2 -
CloudBlades
4 -
cloudgenix
4 -
CloudSecured
1 -
CN-Series
21 -
CNAME Cloaking
1 -
Cobalt Strike
2 -
Code
1 -
Code & Build
1 -
Code Security
3 -
Code Security module
1 -
Code to Cloud Cybersecurity Summit
1 -
Code Visibility
1 -
Code Vulnerabilities
1 -
Commit Process
1 -
community
127 -
Community Experience Refresh
1 -
community feedback
1 -
Community Guidance
2 -
Community News
15 -
Community Team
1 -
company and culture
2 -
Compatibility
1 -
Compatibility View
1 -
Compute
1 -
Compute Edition
4 -
Configuration
20 -
Configuration and Management
5 -
consulting
1 -
Container
1 -
Containers
1 -
Content Updates
1 -
Content-ID
1 -
Cortex
50 -
Cortex Data Lake
10 -
Cortex XDR
52 -
Cortex XDR 2.0 Features
2 -
Cortex XDR 2.2 Features
1 -
Cortex XDR 2.3
1 -
Cortex XDR 2.4 Features
1 -
Cortex XDR 2.5 Features
1 -
Cortex XDR 2.6 Features
1 -
Cortex XDR 2.7 Features
1 -
Cortex XDR 2.9 Features
1 -
Cortex XDR 3.0 Features
1 -
Cortex XDR 3.1
1 -
Cortex XDR 7.4 Features
1 -
Cortex XDR 7.5 Features
1 -
Cortex XDR Agent
3 -
Cortex XDR Agent 7.3 features
1 -
Cortex XDR Features
1 -
Cortex Xpanse
9 -
Cortex Xpanse Assess
1 -
Cortex XSIAM
4 -
Cortex XSOAR
56 -
Cortex XSOAR Webinar
1 -
COVID-19
2 -
creating policies
1 -
creating rules
2 -
credits
1 -
Critical System Logs
1 -
CSP
11 -
CSP outage
1 -
Custom permissions
1 -
custom policies
1 -
custom report
2 -
Custom Reports
2 -
Custom Signatures
1 -
Customer Experience
2 -
Customer Help
2 -
Customer Journey
1 -
Customer News
4 -
Customer Success
15 -
Customer Support Portal
5 -
Customer Support Resources
1 -
CVE-2021-1675
1 -
CVE-2022-22963
1 -
CVE-2022-22965
1 -
CWPP
1 -
CX Day
3 -
CXDay2020
1 -
cyber elite
21 -
Cyber Elite Program
26 -
Cyberelite
18 -
cybersecurity
12 -
Cybersecurity Academy
1 -
Data Center
1 -
data lake
1 -
Data Loss Prevention
6 -
Data Loss Prevention 7000
1 -
data pattern
1 -
Data Security
1 -
dataplane
1 -
DDoS
1 -
Debug
4 -
Decryption
5 -
Defender
1 -
Dependency
1 -
Deploy
1 -
Deployment
1 -
Detection and Response
1 -
dev_ops
1 -
Developers
1 -
device management
1 -
DevSecOps
1 -
Discovery
1 -
discussion
2 -
discussions
1 -
DLP
5 -
dns
8 -
DNS Security
13 -
DoS Protection
1 -
dotw
8 -
Download
1 -
Drift Detection
1 -
Dynamic Updates
1 -
Dynamic Updates - Antivirus
1 -
EDL
3 -
edu
1 -
EDU-114
1 -
Education
17 -
Education Services
10 -
Educational Services
7 -
ela
1 -
email notification
1 -
Email Notifications
1 -
End of life
1 -
Endpoint
8 -
Endpoint Security Manager (ESM)
2 -
Enterprise
1 -
EOL
1 -
Error Message
1 -
Event
3 -
EVENTs
81 -
Exams
1 -
Expedition
3 -
Expert Program
1 -
Explicit Proxy
1 -
FAQ
1 -
feature request
1 -
FeatureRequest
2 -
Features
4 -
File Blocking
1 -
Filtering
2 -
filters
1 -
Firewall
85 -
Flow Logs
1 -
fuel
5 -
Fuel User Group
12 -
Fundamentals
1 -
gateway
1 -
gateway selection
1 -
gcp
6 -
Getting Started
1 -
Github
1 -
Global
1 -
Global Protect
1 -
GlobalProtect
48 -
GlobalProtect 5.0
3 -
GlobalProtect App
3 -
GlobalProtect Cloud Service
2 -
GlobalProtect HIP check
1 -
GlobalProtect Portal
1 -
GlobalProtect-COVID19
24 -
GlobalProtect-Resources
19 -
google
1 -
Google Chrome extension
1 -
google cloud platform
3 -
GP
3 -
GPCS
1 -
Grateful
1 -
Grayware
2 -
Guidance and Guidelines
2 -
ha
1 -
Happy Holidays
1 -
Hardening
1 -
Hardware
3 -
High Availability
1 -
HIP
1 -
HIP Check
1 -
How to
8 -
How-to
3 -
how_to
2 -
HTTP
1 -
hub
6 -
Hybrid Cloud
3 -
Hyper Scale
1 -
IAC
3 -
IaC security
2 -
ICS
1 -
Identity
1 -
ignite
4 -
Ignite '22
2 -
Ignite 2021
8 -
Ignite 2022
13 -
Ignite 21
1 -
Ignite 22
4 -
Ignite conference
2 -
Ignite public sector
1 -
ignite2019
3 -
Ignite2020
8 -
Ignite21
5 -
IGNITEQ&A
1 -
Image Analysis Sandbox
1 -
initial configuration
1 -
Interactive Event
2 -
Interactive Events
1 -
Internet of Things
1 -
Investigation
1 -
IoMT
3 -
ION
1 -
IoT
18 -
IoT Security
31 -
IPSec
2 -
IPv6
1 -
Iron Skillet
1 -
IronSkillet
1 -
Kubernetes
4 -
LatinxHeritage
1 -
LatinxHeritageMonth
4 -
Learning
3 -
Learning Center
1 -
license
1 -
License Keys
1 -
licenses
2 -
licensing
1 -
live community
3 -
Live Community Help
4 -
livecommunity
14 -
log forwarding
5 -
Log Forwarding and Alerting
1 -
log retention period
1 -
Log Settings
1 -
Log4Shell
1 -
Logging
8 -
logging service
3 -
logging_services
1 -
login
1 -
LogJam
1 -
Logs
2 -
Mac OS X
1 -
machine learning
7 -
MacOS
2 -
Magnifier
1 -
Malware
4 -
Manage Drift
1 -
managed services
1 -
Management
28 -
Management & Administration
2 -
Mapping
3 -
MDR
1 -
member spotlight
1 -
MFA
3 -
micro-credentialing
1 -
Microsoft 365
1 -
Migration
3 -
Migration Tool
2 -
minemeld
2 -
Misconfiguration
1 -
ML-Powered NGFW
5 -
Mobile Workforce
1 -
Monthly Release
1 -
MSP
3 -
MSSP partners
1 -
multi factor authentication
1 -
Multi-Category URL Filtering
2 -
multi-factor authentication
1 -
multi-vsys
1 -
Nebula
2 -
NetSec
1 -
Network
1 -
Network Exposure
1 -
Network Perimeter
2 -
network security
40 -
Network Security Management
1 -
Networking
1 -
New Features
9 -
News
5 -
next-generation firewall
14 -
Next-Generation Firewall. NGFW
4 -
Next-Generation Firewalls
2 -
NGFW
58 -
NGFW Configuration
25 -
notifications
1 -
NOVA
1 -
NPI
1 -
NSX
2 -
NSX-T
2 -
nutanix
1 -
OCI
3 -
office 365
1 -
Okta
1 -
on demand
3 -
Oracle Cloud
2 -
Oracle Cloud Infrastructure
5 -
OT
1 -
OT Security
1 -
Out of Band WAAS
1 -
PA Firewall
1 -
PA-220R
1 -
PA-7000 Series Firewall
1 -
Palo Alto Networks
1 -
PAN-Os
79 -
PAN-OS 10.0
4 -
PAN-OS 10.1
4 -
PAN-OS 10.2
3 -
PAN-OS 11.0
2 -
PAN-OS 9.0
7 -
PAN-OS 9.1
2 -
PANCast
2 -
PANCast. community
1 -
Panorama
36 -
Panorama Configuration
5 -
panorama_csr
1 -
PANOS-9.0
2 -
Parked
1 -
Path Visibility
1 -
PCCET
2 -
PCCSA
3 -
PCNSA
4 -
PCNSE
9 -
PDF summary report
1 -
Permission Group
1 -
Phishing
1 -
Playbook of the Week
1 -
plugin
3 -
policies
1 -
policy
2 -
Postman
1 -
PR comments
1 -
Pre-Logon
1 -
Primsa SASE
2 -
PrintNightmare
1 -
Prisma
25 -
Prisma "cloud code security" (CCS) module
2 -
Prisma Access
46 -
Prisma Access 2.0
1 -
Prisma Access 2.0 Upgrade
1 -
Prisma Access 4.0 Upgrade
1 -
prisma access app
1 -
Prisma Access Cloud Management
3 -
prisma access insights
2 -
Prisma Access MSP
4 -
Prisma Cloud
27 -
Prisma Cloud Code Security
1 -
Prisma Cloud Compute Edition
2 -
Prisma Cloud Data Security
1 -
Prisma Cloud Enterprise Edition
1 -
Prisma Coud
1 -
Prisma SaaS
5 -
Prisma SASE
6 -
prisma SD-WAN
16 -
PrismaAccess
2 -
PrismaAccess-COVID19
11 -
prismaaccessinsights
2 -
Privacy Data Sheets
1 -
Private Cloud
4 -
Professional Services
2 -
Proxy
2 -
Proxy Avoidance
2 -
Public Cloud
2 -
public sector
1 -
Pull request comments
1 -
Query Builder
1 -
Questionable
1 -
Quickplay Solutions
2 -
radar view
1 -
registry scanning
1 -
Release Notes
5 -
Release-Notes
3 -
Remediation
1 -
Remote Code Execution
1 -
Remote location
1 -
Remote Networks
2 -
report group
1 -
reporting and logging
2 -
Reports
3 -
Resource Explorer
1 -
Resources
5 -
role-based access control
1 -
RQL
2 -
RSA
1 -
Rule
1 -
Run
1 -
SaaS
7 -
Saas Security
6 -
SAML
2 -
SASE
16 -
SBOM
1 -
SCA
2 -
SCADA
1 -
scanning
1 -
SD-WAN
14 -
Second Watch
1 -
SecOps
1 -
Secure Input
1 -
secureinput
1 -
Security
9 -
Security Advisory
1 -
Security Operations
2 -
security policy
5 -
security profile
1 -
Security Profiles
2 -
Security Rulebase
1 -
security Service
2 -
Service Provider
1 -
Services
3 -
session
1 -
Setup & Administration
2 -
Shift-Left
2 -
SIEM
2 -
Skillets
3 -
Smart NIC
1 -
smb
1 -
SNMP Monitoring
1 -
SOC
1 -
Social Media
1 -
Software
1 -
Software Bill of Materials
1 -
Software Composition Analysis
2 -
SolarStorm
1 -
SolarWinds
1 -
Spark User Summit Event
1 -
Split Tunneling
1 -
Spring Framework
1 -
SpringShell
1 -
SSL
1 -
SSL Decryption
5 -
SSL Forward Proxy
1 -
Strata
5 -
Strata Firewall
2 -
Subscriptions
1 -
SUNBURST
1 -
Supply Chain Security
1 -
Support
25 -
Support Guidance
1 -
support portal
1 -
Symphony
1 -
Symphony 2023
1 -
TCP
2 -
Technologies
3 -
Terraform
3 -
Thankful 2020
1 -
Thanksgiving
1 -
Threat
31 -
Threat Detection
2 -
Threat Intelligence Management
3 -
threat log
1 -
Threat Management
4 -
threat prevention
8 -
Threat Prevention License
1 -
threat protection
1 -
Threat Vulnerability Advisory
1 -
Threats
2 -
Tips & Tricks
6 -
tls
1 -
TMS
4 -
Tools
3 -
Training
1 -
Traps
8 -
Traps Agent
8 -
Traps Management Service
4 -
Troubleshooting
8 -
Tutorial
13 -
Unified Asset Inventory
1 -
unit 42
25 -
unit42
6 -
upgrade
3 -
url categories
2 -
URL Filtering
12 -
URL Filtering (PAN-DB)
3 -
URL-Filtering
1 -
User Context
1 -
User-ID
8 -
User-ID & Authentication
1 -
User-ID mapping
2 -
userid
2 -
users
1 -
VCS
1 -
Veteran Training
3 -
Veterans Day
1 -
Video
8 -
Videos
4 -
VIP
1 -
Virtualization
7 -
VirusTotal
1 -
VM
1 -
VM-Series
56 -
VM-Series on AWS
4 -
VM-Series on Azure
3 -
VMware
2 -
VPN
2 -
Vsys
1 -
Vulnerability
17 -
Vulnerability Protection
3 -
WAAS
2 -
Web Application & API Security
1 -
webcast
1 -
Webinar
6 -
Wildcard DNS Abuse
1 -
WildFire
17 -
Wildfire API
1 -
Women's Equality Day
1 -
XDR
2 -
Xpanse
3 -
XSIAM
2 -
XSOAR
11 -
Year in Review
1 -
Yor
1 -
YouTube
3 -
Zero Security
1 -
Zero Trust
13 -
Zero Trust Network
2 -
Zero Trust Network Security
9 -
Zone Protection
1 -
ztna
3
- Previous
- Next
Top Liked Posts
| Subject | Likes |
|---|---|
| 2 Likes | |
| 2 Likes | |
| 1 Like | |
| 1 Like | |
| 1 Like |
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks