Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1506
Views
0
Helpful
6
Replies

doubt with service insertion in SD-WAN

Go to solution
rafael5
Level 1
Level 1

‎05-28-2021 05:45 AM

Hi community,

 

i got a question about firewall service insertion, this can be consider control policy or data policy in SD-WAN?

 

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Kanan Huseynli
VIP
VIP

‎05-28-2021 12:18 PM

Hi,

 

both centralized control and data policy can be used for service chaining:

Service Chaining Policy

To route traffic through a service, you provision either a control policy or a data policy on the Cisco vSmart Controller. You use a control policy if the match criteria are based on a destination prefix or any of its attributes. You use a data policy if the match criteria include the source address, source port, DSCP value, or destination port of the packet or traffic flow

 

https://www.cisco.com/c/en/us/td/docs/routers/sdwan/configuration/policies/vedge-20-x/policies-book/service-chaining.html 

https://www.cisco.com/c/en/us/td/docs/routers/sdwan/configuration/policies/ios-xe-17/policies-book-xe/service-chaining.html 

 

Regards,

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.

View solution in original post

0 Helpful
6 Replies 6

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎05-28-2021 06:00 AM

Most cases FW in the path for both, you can allow what required for SDWAN to establish DTLS / IPSEC with Cloud devices.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
rafael5
Level 1
Level 1
In response to balaji.bandi

‎05-28-2021 06:14 AM

Thx you balaji bandi,

 

the thing is yesterday i fail the sd wan 300-415 exam and there was a question about that....

so, i think it can be consider control policy because in the policy normally i  see the configuration there...

0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to rafael5

‎05-28-2021 06:59 AM

Since i was not sure what the question it hard to guess what you got there, if you can elaborate or post the question we may understand better to give reasonable answer.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
rafael5
Level 1
Level 1
In response to balaji.bandi

‎05-28-2021 07:29 AM

in the exam basically ask me about the firewall service insertion is considered an:

 

control policy

data policy

 

and other 2 options i dont remember but something with no sense like bgp & ospf

 

the thing is im not 100% sure if the service insertion is always a control policy in sd wan

 

 

 

0 Helpful

Go to solution
Kanan Huseynli
VIP
VIP

‎05-28-2021 12:18 PM

Hi,

 

both centralized control and data policy can be used for service chaining:

Service Chaining Policy

To route traffic through a service, you provision either a control policy or a data policy on the Cisco vSmart Controller. You use a control policy if the match criteria are based on a destination prefix or any of its attributes. You use a data policy if the match criteria include the source address, source port, DSCP value, or destination port of the packet or traffic flow

 

https://www.cisco.com/c/en/us/td/docs/routers/sdwan/configuration/policies/vedge-20-x/policies-book/service-chaining.html 

https://www.cisco.com/c/en/us/td/docs/routers/sdwan/configuration/policies/ios-xe-17/policies-book-xe/service-chaining.html 

 

Regards,

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.

0 Helpful

Go to solution
rafael5
Level 1
Level 1
In response to Kanan Huseynli

‎05-28-2021 12:46 PM

Thx you that was what I was looking for 

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card