After enabling the Web-Access Security Policy feature, traffic is not hitting the correct security rule
Symptom
After enabling the Web-Access Security Policy feature, traffic is not hitting the correct security rule.
Environment
- Cloud Managed Prisma Access
- Web-Security Feature needs to be enabled
Cause
- Web Security comes with a default security policy enabled.
- The Web Access security policy is enforced ahead of the configured security policy rulebase.
- As a result, the configured security policies may not work as expected.
Resolution
When Web Security is enabled on Cloud Managed Prisma Access, the administrator can check the security rules in the following places:
1. Custom Web Access Security Policy under Web-Security > Web Access Policy
2. Global/Default Web Access Policies under Web-Security > Web Access Policy (refer to the image above)
3. Prisma Access Default Pre-rules under Configuration > Security Policy
4. Custom Security Rules under Configuration > Security Policy
5. Prisma Access Post Security Rules under Configuration > Security Rules
Customers can either import saas_recommended policies to Web-Security or configure new custom web-access policies so that their traffic will not match the predefined Web-Access security policy.
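The shadowing described under Cause can be reproduced with a small model, given here as an added example that is not Palo Alto Networks code and does not call any Prisma Access API. It assumes top-down, first-match evaluation in the order the five locations are listed above; every rule name, application and category in it is constructed.

```python
from dataclasses import dataclass

# Assumption: the five locations listed in the article, evaluated in that order.
TIERS = [
    "custom web access policy",
    "global/default web access policy",
    "Prisma Access default pre-rules",
    "custom security rules",
    "Prisma Access post security rules",
]

@dataclass(frozen=True)
class Rule:
    tier: str
    name: str
    action: str
    apps: frozenset = frozenset()        # empty set means "any application"
    categories: frozenset = frozenset()  # empty set means "any URL category"

def matches(rule, flow):
    """A rule matches when every non-empty criterion contains the flow's value."""
    return ((not rule.apps or flow["app"] in rule.apps) and
            (not rule.categories or flow["category"] in rule.categories))

def first_match(rules, flow):
    """Return the first matching rule, walking tiers top-down (stable sort)."""
    for rule in sorted(rules, key=lambda r: TIERS.index(r.tier)):
        if matches(rule, flow):
            return rule
    return None

def shadowed_by(rules, flow, intended):
    """Return the earlier rule that wins instead of `intended`, else None."""
    hit = first_match(rules, flow)
    return None if hit is None or hit.name == intended else hit

# Constructed rulebase: a default web access rule plus two custom security rules.
RULES = [
    Rule(TIERS[3], "block-social", "deny",
         frozenset({"ssl", "web-browsing"}), frozenset({"social-networking"})),
    Rule(TIERS[3], "allow-dns", "allow", frozenset({"dns"})),
    Rule(TIERS[1], "default-web-allow", "allow",
         frozenset({"ssl", "web-browsing"})),
]
# The article's remedy: express the intent as a custom web access policy.
FIX = Rule(TIERS[0], "wa-block-social", "deny",
           frozenset({"ssl", "web-browsing"}), frozenset({"social-networking"}))
FLOW = {"app": "ssl", "category": "social-networking"}  # constructed flow

if __name__ == "__main__":
    print("before:", first_match(RULES, FLOW).name)
    print("after: ", first_match(RULES + [FIX], FLOW).name)
```

Web traffic never reaches `block-social` because the default web access rule matches first, while non-web traffic such as DNS still lands on the custom security rule.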