Prisma Security Policy Configuration

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Prisma Security Policy Configuration

L1 Bithead

Forgive me as this question will probably seem a bit daft. We are using Prisma Access (Panorama Managed) , we have two mapped zones - one for trust and one to untrust. We have service connections that allow our users to access internal resources.  

 

I have a question about Sec Pol configuration for our mobile users device group. 

 

For our on-prem NGFWs we use best practice policies described here. 

 

https://docs.paloaltonetworks.com/best-practices/internet-gateway-best-practices/best-practice-inter...

 

Is this also appropriate for prisma mobile users, (we do not split tunnel internet traffic) Please see screen shot above for proposed configuration. I guess my question more specifically is do we need the rules that block these dynamic lists as source , or is destination enough?  I guess my hesitation is because it don't really understand with prisma how traffic originating from untrust is treated , does the predefined network even allow any traffic originating from untrust ? 

0 REPLIES 0
  • 487 Views
  • 0 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!