What is the purpose of security policies in SD-WAN regarding VPNs and tenants?

Security policies in SD-WAN define how traffic is segmented and controlled across the fabric, especially when multiple VPNs or tenants share the same network. They enforce isolation by specifying which traffic can cross VPN boundaries, applying rules that act like firewall controls, access lists, and inspection policies, and by defining encryption boundaries so that traffic stays within its intended domain. This ensures that one tenant’s data cannot mix with another’s and that enforcement points across the fabric consistently apply the same security posture. In practice, these policies determine who can talk to whom, what types of traffic are allowed, and how encryption is applied, providing the necessary separation and protection in a multi-tenant SD-WAN environment. Choices that focus only on authentication, device onboarding, or encryption algorithms, or that address data compression, don’t capture the broader role of policies in isolating and regulating traffic across VPNs.