Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
989
Views
0
Helpful
2
Replies

SDWAN Security policy processing order

csdinesh18
Level 1
Level 1

‎11-18-2020 06:46 AM

When a packet macthes the URL-Filtering policy and Enterprise firewall policy, which one will take preference in Cisco SDWAN?

Could you help with order of packet processing for security policies in Cisco SDWAN?

Labels:
0 Helpful
2 Replies 2

Kanan Huseynli
VIP
VIP

‎11-19-2020 05:00 AM

Hi,

URL policy and Firewall policy are basically permit/deny policies, they don't determine exit interface and/ or next-hop device. So, if they both allow then traffic will be forwarded, if one of them denies then traffic will be denied.

The main point is when you do AAR (application aware routing) and data policy. In this case, the action should be taken that data policy will not override AAR policy.

See page 84 of below session:

https://www.ciscolive.com/c/dam/r/ciscolive/emea/docs/2019/pdf/TECCRS-2014.pdf


Regards,

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.

0 Helpful

Naseer Anjan
Level 1
Level 1
In response to Kanan Huseynli

‎11-26-2020 07:25 AM

Hi,

 

Enterprise firewall policy will be checked first since it will acting on lower layer like L3 and L4 but URL filtering works on Layer7. 

0 Helpful
Customers Also Viewed These Support Documents