Secure Private Access (ZPA)

Configuring Microsegmentation Policies

Admins can create Layer 3 and Layer 4 Microsegmentation enforcement policies to protect east-west traffic in both cloud and data center environments. Policies are applied between resource groups or between a resource group and any other resource. Policies are evaluated from highest priority (lowest integer) to lowest priority (highest integer). No two policies can have the same priority.

The default policy is a rule you must configure when first enabling policy enforcement for your organization. To learn more, see Configuring a Default Microsegmentation Policy.

Prerequisites

Enable policy enforcement for your organization. To learn more, see Enabling Microsegmentation Policy Settings.

Configuring a Microsegmentation Policy

To configure a Microsegmentation policy:

  1. Go to Microsegmentation > Policy.
  2. Click the Resource Policy tab.
  3. Click Add Rule.
    The Add Rule window appears.
  4. In the Add Rule window:
    1. In the General Information section:
      1. Name: Enter a name for the new policy.
      2. Description: (Optional) Enter a description.
      3. Click Next.
    2. In the Rule Configuration section:
      1. Priority: Enter a value between 1 and 5000.
      2. Action: Select Allow, Sim Block, or Block.
      3. Source: Select ANY to allow any sources that apply to the traffic found, or select up to 10 sources total. You cannot select ANY for Source if it is selected for Destination.
      4. Destination: Select ANY to allow any destinations that apply to the traffic found, or select up to 10 destinations total. You cannot select ANY for Destination if it is selected for Source.
      5. Default Port Ranges: Select any or all of the default port ranges.
      6. TCP Port Ranges: Enter TCP port range information in the From and To fields. Click Add TCP Port Range to add up to 10 ranges.
      7. UDP Port Ranges: Enter UDP port range information in the From and To fields. Click Add UDP Port Range to add up to 10 ranges.
      8. Include all AppZones: Select the checkbox to include all AppZones. If you deselect this option, a drop-down menu appears for you to choose which ones to include.
      9. Click Next.
    3. In the Review section, review your configurations. Click the Edit icon to edit any of the fields.
  5. Click Save.

Your new policy rule appears in the list of rules on the Resource Policy page.
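
The limits stated above (priority between 1 and 5000, unique priorities, ANY not allowed on both Source and Destination, at most 10 sources, destinations, and port ranges per protocol) can be checked against a planned rule set before it is entered in the Add Rule window. The following is an added example, not Zscaler code: the dictionary layout, rule names, and group names are hypothetical, and the port bounds (1 to 65535, From no greater than To) are an assumption.

```python
# Added example: offline lint for planned rules (hypothetical dict layout).
ACTIONS = {"Allow", "Sim Block", "Block"}
MAX_ITEMS = 10  # sources, destinations, and port ranges per protocol

def check_rule(rule):
    """Return a list of problems for one planned rule."""
    problems = []
    if not isinstance(rule.get("priority"), int) or not 1 <= rule["priority"] <= 5000:
        problems.append("priority must be an integer between 1 and 5000")
    if rule.get("action") not in ACTIONS:
        problems.append("action must be Allow, Sim Block, or Block")
    src, dst = rule.get("source"), rule.get("destination")
    if src == "ANY" and dst == "ANY":
        problems.append("Source and Destination cannot both be ANY")
    for label, value in (("source", src), ("destination", dst)):
        if value != "ANY" and not 1 <= len(value or []) <= MAX_ITEMS:
            problems.append(f"{label} must be ANY or 1 to 10 entries")
    for proto in ("tcp", "udp"):
        ranges = rule.get(f"{proto}_ranges", [])
        if len(ranges) > MAX_ITEMS:
            problems.append(f"more than 10 {proto.upper()} port ranges")
        for start, end in ranges:
            # Assumption: From/To must be valid ports with From <= To.
            if not 1 <= start <= end <= 65535:
                problems.append(f"bad {proto.upper()} range {start}-{end}")
    return problems

def check_ruleset(rules):
    """Return (rule names in evaluation order, {rule name: problems})."""
    report = {r["name"]: check_rule(r) for r in rules}
    seen = {}
    for r in rules:
        first = seen.setdefault(r.get("priority"), r["name"])
        if first != r["name"]:
            report[r["name"]].append(f"priority already used by {first}")
    valid = [r for r in rules if isinstance(r.get("priority"), int)]
    order = [r["name"] for r in sorted(valid, key=lambda r: r["priority"])]
    return order, {name: p for name, p in report.items() if p}

# Constructed sample plan (names and groups are made up).
PLAN = [
    {"name": "deny-rest", "priority": 5000, "action": "Block",
     "source": "ANY", "destination": "ANY"},
    {"name": "web-to-db", "priority": 10, "action": "Allow",
     "source": ["web-tier"], "destination": ["db-tier"], "tcp_ranges": [(5432, 5432)]},
    {"name": "test-ssh", "priority": 10, "action": "Sim Block",
     "source": "ANY", "destination": ["db-tier"], "tcp_ranges": [(22, 22)]},
]
```

Calling `check_ruleset(PLAN)` returns the rule names sorted lowest integer first, matching the evaluation order described on this page, together with the rules that would be rejected and why.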

Related Articles
Viewing the Microsegmentation Policy Map
Enabling Microsegmentation Policy Settings
About Microsegmentation Policies
Configuring Microsegmentation Policies
Configuring the Default Microsegmentation Policy
Editing a Microsegmentation Policy
Deleting a Microsegmentation Policy