Service Insertion FW traffic flow

Posted on Jan 27, 2020

Task: Configure Service Insertion FW so that traffic from Branch1 to Branch2 traverses the FW at DC1 or DC2.

Configure the following to achieve this task:

Topology:

Solution:

Go to Configuration | Policy | Centralized Policy | Add Policy | Create Groups of Interest | Next, to move to Configure Topology & VPN Membership

Click Add Topology | Custom Control Topology | Name: Multi-Topology-FW | Sequence Type: Route | Name: VPN20toDC | Match: Site ID All-Branches, VPN ID Secpci-VPN | Action: Accept, Set TLOC: DC-TLOCs

Click Sequence Type: Route | Name: FW-Service-Insertion | Match: VPN ID Corp-VPN, Site ID All-Branches | Action: Accept | Service: FW, VPN 10

Default Action: Accept

Click on VPN Membership | Add VPN Membership Policy | Name: Drop-GuestWifi-VPN40 | Site List: All-Branches, VPN List: Corp-VPN, SecPci-VPN | Save

Click Next to move to Configure Traffic Rules | Traffic Data | Add Policy | Create New | Name: Application Firewall Drop

Sequence Type: Application Firewall | Name: Application Firewall Drop | Match: Destination Prefix All-Prefixes | Action: Drop

Default Action: Accept

Save, then click Next to move to Apply Policy to Sites & VPNs

Select Traffic Data | Name: Multi-Topology-FW-Service-Channing | Under Application Firewall Drop:

Select New Site List & VPN List | Site List: All-Branches | VPN List: Guest-VPN | Direction: Service

Select Topology | Direction: Out | Site List: All-Branches

Activate this policy.
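For readers who prefer to see what vManage pushes, the same topology policy written as vSmart CLI, plus the DC vEdge side that advertises the firewall as a service. This is an added illustration, not configuration taken from the lab; the list contents (site-id range, VPN numbers 10/20, DC system IPs and colors) are assumptions, only the names, the FW VPN 10 and the FW addresses come from the steps above.

```text
! DC1 vEdge: advertise the firewall as a service in VPN 10
! (DC2 mirrors this with its own FW address, 10.2.0.1)
vpn 10
 service FW address 198.18.130.1
!
! vSmart centralized control policy; list contents are assumptions
policy
 lists
  site-list All-Branches
   site-id 10-19
  vpn-list Corp-VPN
   vpn 10
  vpn-list Secpci-VPN
   vpn 20
  tloc-list DC-TLOCs
   tloc 10.255.1.1 color mpls encap ipsec
   tloc 10.255.2.1 color mpls encap ipsec
 !
 control-policy Multi-Topology-FW
  ! VPN20toDC: steer Secpci-VPN routes to the DC TLOCs
  sequence 10
   match route
    site-list All-Branches
    vpn-list Secpci-VPN
   action accept
    set
     tloc-list DC-TLOCs
  ! FW-Service-Insertion: send Corp-VPN traffic via the FW service in VPN 10
  sequence 20
   match route
    site-list All-Branches
    vpn-list Corp-VPN
   action accept
    set
     service FW vpn 10
  default-action accept
 !
!
! Apply in the "out" direction toward the branch sites, as in the GUI step
apply-policy
 site-list All-Branches
  control-policy Multi-Topology-FW out
 !
!
```

vSmart only inserts the service when at least one DC edge is advertising `service FW` in VPN 10; if neither DC advertises it, the Corp-VPN routes are withheld from the branches, so check `show omp services` on vSmart before running the traceroute verification.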

Verification:

Select Monitor | Network | BR2-VEDGE1 | Troubleshooting | Traceroute

Proceed with the figure below and you will see that traffic from Branch 1 to Branch 2 passes through the FW (198.18.130.1 or 10.2.0.1) sitting in DC1 and DC2.

