Sunday, January 3, 2016

Palo Alto universal rule-type

What's a universal rule type? We all understand intrazone and interzone policies, but universal is really a combination of the two.

Examples

intrazone rule

  SRC_ZONE=trust1
  DST_ZONE=trust1

The traffic's source and destination zone are the same zone.

interzone rule

  SRC_ZONE=trust1
  DST_ZONE=untrust1

The traffic's source and destination zones are two different zones.

But with universal rules we can now define the following zone flows:

universal rule

  SRC_ZONE=trust1
  DST_ZONE=untrust1


  SRC_ZONE=untrust1
  DST_ZONE=trust1

or

  SRC_ZONE=trust1
  DST_ZONE=trust1

  SRC_ZONE=untrust1
  DST_ZONE=untrust1



It simplifies rules by catching both intrazone and interzone traffic.
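The zone scoping of the three rule types can be modelled in a few lines. This is an added example, not code from the original post or from Palo Alto Networks; the function names and the extra `dmz1` zone are assumptions, and the model looks at zones only (no addresses, applications or services).

```python
from itertools import product

RULE_TYPES = ("intrazone", "interzone", "universal")


def rule_matches(rule_type, from_zones, to_zones, src, dst):
    """Return True if a flow src -> dst is inside the rule's zone scope."""
    if rule_type not in RULE_TYPES:
        raise ValueError(f"unknown rule type: {rule_type}")
    # Every rule type is limited to the zones listed on the rule.
    if src not in from_zones or dst not in to_zones:
        return False
    if rule_type == "intrazone":
        return src == dst      # traffic that stays inside one zone
    if rule_type == "interzone":
        return src != dst      # traffic that crosses between two zones
    return True                # universal: both of the above


def matched_flows(rule_type, from_zones, to_zones, all_zones):
    """List every (src, dst) zone pair the rule would be evaluated against."""
    return sorted(
        (s, d)
        for s, d in product(all_zones, repeat=2)
        if rule_matches(rule_type, from_zones, to_zones, s, d)
    )


if __name__ == "__main__":
    # Constructed sample: the post's two zones plus a hypothetical dmz1
    # that is not listed on the rule and therefore never matches.
    zones = ["trust1", "untrust1", "dmz1"]
    listed = {"trust1", "untrust1"}
    for rtype in RULE_TYPES:
        print(rtype)
        for src, dst in matched_flows(rtype, listed, listed, zones):
            print(f"  SRC_ZONE={src}  DST_ZONE={dst}")
```

With both zones listed on both sides, the universal rule covers all four flows, including untrust1 to trust1, so an allow action on such a rule needs the same review as a dedicated inbound rule.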



Yes, it's that easy!




Ken Felix
NSE ( network security expert) and Route/Switching Engineer
kfelix  -----a----t---- socpuppets ---dot---com

     ^      ^
=(  @  @ )=
         o 
        /  \
