10-12-2023 03:07 AM
Forgive me as this question will probably seem a bit daft. We are using Prisma Access (Panorama Managed). We have two mapped zones - one for trust and one to untrust. We have service connections that allow our users to access internal resources.
I have a question about Sec Pol configuration for our mobile users device group.
For our on-prem NGFWs we use best practice policies described here.
Is this also appropriate for Prisma mobile users? (We do not split tunnel internet traffic.) Please see the screenshot above for the proposed configuration. I guess my question, more specifically, is: do we need the rules that block these dynamic lists as source, or is destination enough? I guess my hesitation is because I don't really understand how, with Prisma, traffic originating from untrust is treated. Does the predefined network even allow any traffic originating from untrust?