Navigating Security Policies: Simplifying the Process Behind Your Keyboard

Community Team Member


 

Transitioning between security platforms can be a daunting challenge, particularly when shifting from a non-zone-based system and having to construct a security policy from the ground up.

 

When creating a security policy, the 'Rule Type' dropdown is a crucial feature that can significantly alter how security policies function for you when used correctly!

 

Fig 1_Navigating-Security-Policies_palo-alto-networks.png

 

The impact of this seemingly straightforward 'type' is quite substantial: it transforms a policy from the conventional "any object in the source field to any object in the destination field" match into an exclusive operator.

 
  • Universal (default) rules apply to all matching interzone and intrazone traffic in the specified source and destination zones. For example, if you create a universal rule with source zones A and B and destination zones A and B, the rule would apply to all traffic within zone A, all traffic within zone B, all traffic from zone A to zone B, and all traffic from zone B to zone A.
  • An 'intrazone' type policy will only allow (or block) sessions inside the same zone. This can be very useful when the firewall is set up in Layer 2 mode and is bridging VLANs from one switch stack to the other, where each VLAN is represented by a zone.
  • An 'interzone' type policy is the exact opposite: it will only allow sessions from one zone to a different zone, even if the same zone is listed in the destination field. This is useful when a lot of bidirectional policies need to be set up without inadvertently allowing or blocking sessions inside a zone.
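
To see the three rule types side by side, here is a small Python model of the zone matching described above. It is an added example, not Palo Alto Networks code or firewall configuration; the rule dictionaries, the rule name and the function names are made up for illustration, and only zones are modelled (no addresses, applications or users).

```python
from itertools import product

def covered_pairs(rule_type, src_zones, dst_zones):
    """Return the (from_zone, to_zone) pairs a rule of this type applies to."""
    pairs = set(product(src_zones, dst_zones))
    if rule_type == "universal":      # every listed combination
        return pairs
    if rule_type == "intrazone":      # only traffic that stays inside one zone
        return {(s, d) for s, d in pairs if s == d}
    if rule_type == "interzone":      # only traffic that crosses between zones
        return {(s, d) for s, d in pairs if s != d}
    raise ValueError(f"unknown rule type: {rule_type!r}")

def first_match(rulebase, from_zone, to_zone):
    """Walk the list top-down; return (name, action) of the first rule that
    covers the flow, or None if no rule in this list covers it."""
    for rule in rulebase:
        if (from_zone, to_zone) in covered_pairs(rule["type"], rule["src"], rule["dst"]):
            return rule["name"], rule["action"]
    return None

def implicit_intrazone(rule):
    """Audit helper: zones whose internal traffic a universal rule also covers
    because the zone appears in both the source and destination fields."""
    if rule["type"] != "universal":
        return set()
    return set(rule["src"]) & set(rule["dst"])

# Constructed sample: the same bidirectional A<->B rule, once per rule type.
BIDIR_UNIVERSAL = [{"name": "a-b-both-ways", "type": "universal",
                    "src": ["A", "B"], "dst": ["A", "B"], "action": "allow"}]
BIDIR_INTERZONE = [{**BIDIR_UNIVERSAL[0], "type": "interzone"}]

if __name__ == "__main__":
    for label, rulebase in (("universal", BIDIR_UNIVERSAL),
                            ("interzone", BIDIR_INTERZONE)):
        for flow in (("A", "B"), ("B", "A"), ("A", "A"), ("B", "B")):
            print(label, flow, first_match(rulebase, *flow))
    print("universal rule also covers traffic inside:",
          sorted(implicit_intrazone(BIDIR_UNIVERSAL[0])))
```

Running it shows the universal version of the rule also matching A-to-A and B-to-B sessions, while the interzone version leaves those flows to whatever rule comes next.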

 

For another cool resource to help you tighten up security, with a few nifty tricks, please check out: Security Policy Rule Optimization.

 

Thanks for taking time to read this blog.

Don't forget to hit that Like (thumbs up) button and don't forget to subscribe to the LIVEcommunity Blog.

 

Stay Secure,
Kiwi out!

 
