08-14-2024 04:44 AM
Dear Team,
1) Head Office --- Firepower 1010 firewall
2) Branch office --- Firepower 1010 firewall
Requirement below:-
Only a few URLs' traffic should burst out via the branch office ISP, and all remaining application, internet access and internal server traffic should burst out from the Head Office.
If this is possible, then please share the KB article.
08-14-2024 05:15 AM
Sorry, can you elaborate more?
MHM
08-14-2024 05:25 AM
Hi,
We have one Head Office and five Branch Offices, and now we are planning for only specific URLs' traffic to burst out via the Branch Office ISP, and for internal server and Internet traffic to burst out via the Head Office.
08-14-2024 11:02 AM
FWs in SD-WAN have different positions and roles.
SD-WAN can be configured under the FW, so the FW needs to open ports for DTLS/TLS/IPsec, and also if you use an SSL policy then you must not decrypt SSL.
If SD-WAN runs DAI and it is behind the FW, then in addition to opening ports you need to allow traffic from internal to internet.
If the FW is used in HQ and you use net service, then this needs a design to allow traffic ingress and egress of the FW (the FW inspects traffic between branches).
MHM
08-14-2024 05:24 AM
@rajesh4 FTD does have some SD-WAN capabilities that could meet your requirements, but only if managed by FMC.
You can also refer to the Cisco Live presentation - Optimizing Security and Agility: Leveraging SD-WAN with Cisco Secure Firewall - BRKSEC-2086
08-16-2024 02:29 AM
Noted, thanks for the update. I am checking internally, and once we have the setup done I will update you on the same.