EMAIL SUPPORT
dclessons@dclessons.comLOCATION
AFConfiguring Zone based Firewall
Configuring Zone based Firewall
Below is the steps defined for CLI.
CLI Configuration Procedure:
Create lists of IP prefixes:
vEdge(config)# policy
vEdge(config-policy)# lists data-prefix-list list-name
vEdge(config-data-prefix-list)# ip-prefix prefix/length
Configure a source zone ,this is a group of VPNs from which data traffic flows.
vEdge(config)# policy zone source-zone-name
vEdge(config-zone)# vpn vpn-id
Configure a destination zone, this is a group of VPNs to which data traffic flows.
vEdge(config)# policy zone destination-zone-name
vEdge(config-zone)# vpn vpn-id
Create a zone-based firewall policy:
vEdge(config)# policy zone-based-policy policy-name
vEdge(config-policy-zone-based-policy)#
Create a series of match–action pair sequences:
vEdge(config-zone-based-policy)# sequence number
vEdge(config-sequence)#
Define match parameters for the data traffic:
vEdge(config-sequence-number)# match match-parameter
Define actions to take when a match occurs:
vEdge(config-sequence)# action drop
vEdge(config-sequence)# action inspect
vEdge(config-sequence)# action log
vEdge(config-sequence)# action pass
Define the default action, when data traffic does not match the conditions:
vEdge(config-policy-name)# default-action (drop | inspect | pass)
If you do not include VPN 0 in any of the zones that you configure in a zone-based firewall, by default, packets are able to reach destination zones that are accessible only over the public internet. You can also disallow this traffic.
vEdge(config)# policy zone-to-no-zone-internet (allow | deny)
Create a zone pair, and define the source and destination zones in that pair and the zone-based firewall policy to apply to the flows between those two zones:
vEdge(config)# policy zone-pair pair-name
vEdge(config-zone-pair)# source-zone source-zone-name
vEdge(config-zone-pair)# destination-zone destination-zone-name
vEdge(config-zone-pair)# zone-policy policy-name
Example 1 isolating two VPNs
Here let see the topology, which describes the following and also defines the flow between different VPNs.
Comment
TABLE OF CONTENTS
- Onboarding & Provisioning Configuring Templates
- Authentication between vSmart & vBond
- Authentication between vSmart Controller
- Authentication between vBond & vEdge Router
- Authentication between vEdge Router & vManage NMS
- Authentication between vSmart Controller & vEdge Router
- Viptela Specific Port Terminology
- Configure vManage & Generate Certificate
- Configure vBond & Generate Certificate
- Configure vSmart & Generate Certificate
- Configure vEdge & Generate Certificate
- Secure DataPlane Bringup
- Control Plane & Data Plane Operation - Unicast Routing Overview
- Configuring OMP & Its attributes
- Configure Unicast Overlay Routing
- Routing Configuration Example
- Segmentation Overview
- Configuring Segmentation
- Segmentation Configuration Example
- Data Traffic across Private WANs
- NAT in SDWAN & Data Encryption
- SD-WAN Viptela Policy Overview
- SD-WAN Centralized & Localized Control Policy Overview
- SD-WAN Centralized & Localized Data Policy
- Application – Aware Routing Overview
- Service Chaining
- Traffic Flow Monitoring
- vEdge Router as NAT Device
- Zone Based Firewalls
- Configuring Application Aware Routing
- Configure Centralized Control Policy
- Configuring Centralized Data Policy
- Configuring Cflowd Traffic Monitoring
- Configuring Zone based Firewall
- Service Chaining Configuration Example
- Configuring Service Side NAT
- Configuring Transport side NAT
RECENT POSTS
- Advancing Your Career with Cisco Data Center Mastery: A Comprehensive Guide to Nexus Training
- Securing Networks in the Digital Age: Your Guide to Mastering Cisco Identity Services Engine (ISE)
- Becoming an AWS Solution Architect: Your Path to Cloud Expertise
- Navigating Your Journey to Docker Expertise: Master Docker with Comprehensive Training and Certification
- Transform Your Azure Networking Expertise Through AZ-700 Training
- Why Choose DClessons for Your SD-WAN Velocloud Training Needs
- Next-Level Networking: Unlocking Cisco ACI and DCACIA Potential with DClessons
- Mastering Data Center Technologies with DClessons: A Comprehensive Guide to Cisco CCIE Data Center Training
- Why Choose Cisco SD-WAN Solutions with DClessons?
- What is Docker and Why is It Important?
LEAVE A COMMENT
Please login here to comment.