Security Policy Guidelines

Security policies determine whether to block or allow a new network session based on traffic attributes such as the source and destination security zones, the source and destination addresses, the application, and service. Depending upon how the security policy service definition is configured, traffic connection attempts that are incomplete may be misinterpreted by a network mapping tool (NMAP) and may determine that the port is always open. This document explains how the service definition works with applications and the best practices for creating security policies.

This content applies to PAN-OS 4.1. For information on later versions, refer to Palo Alto Networks Product Documentation.

Revision History

3/11/2013 - Posted a new Rev C PDF. See the Revision History section for details.

2/15/2013 - Posted a new Rev A PDF, just to fix an error in the file name. No content changed.

owner:jparapurath