- Get Started
- News & Events
- Collaboration
- Education Services
- Technologies
- Next-Generation Firewall
- GlobalProtect
- Threat Prevention Services
- Endpoint Protection
- SSL Decryption
- 5G
- IoT Security
- Prisma SD-WAN
Network Security
- Prisma Access
- Prisma SaaS
- Prisma Cloud
- CN-Series
- VM-Series:
- Alibaba
- AWS
- GCP
- Azure
Cloud Security
- Cortex XDR
- Cortex XSOAR
- Cortex Data Lake
Security Operations
- Resources
- COVID-19 Response Center
- LIVEcommunity
- ›
- Collaboration
- ›
- Discussions
- ›
- General Topics
- ›
- Universal policy Implicit Deny blocking Intrazone Traffic
Universal policy Implicit Deny blocking Intrazone Traffic
Changes to the LIVEcommunity experience are coming soon... Here's what you need to know.
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Printer Friendly Page
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
Universal policy Implicit Deny blocking Intrazone Traffic
Hi All,
I configured the implicit deny (Universal Policy) policy at the bottom of security policies but after that, I could see that some of the Intrazone access got denied by the implicitly deny policy.
How we can achieve the Implicit deny policy without affecting the intrazone connections ??
Thanks in Advance...
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
By implicit Deny are you simply saying that you made essentially an 'any any' deny policy to capture any traffic that doesn't have a security policy?
Assuming that you are and that you are relying on your default intrazone policy to allow all of the traffic, the above policy isn't what you would want to do. You need to build out security entries for the intrazone traffic or make broad intrzone traffic allow policies above your implicit deny policy. I would personally recommend that you take the time to build out proper individual security entires to allow the traffic.
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
Universal includes both interzone and intrazone. If you have a universal deny policy, the behaviour you are seeing is operating as expected. Change the rule to interzone instead of universal and it should operate as you are expecting.
Show your appreciation!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
