04-27-2011 03:31 PM
Is it best practice to combine all trusted zones into one policy? (See below)
Or Split them out like this (See Below)
04-28-2011 10:16 AM
We really do not have any "Best Practices" with regard to this because different customers/industries have different needs. This is often done to simplify the ruleset especially if there are 2 or more zones with identical security requirements. The paloalto logs traffic that traverse zones so this is sometimes preferred to having 3 interfaces all part of zone = trust. Combining all of the zones in one rule can also fix or compensate for some of the "side effects" of creating an "Any/Any/Deny" rule for cleanup and logging.
Steve Krall
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
