cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Choose one of the topics below for SD-WAN Resources to help you on your journey with SD-WAN

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC!
We will not comment or assist with your TAC case in these forums.

233
Views
0
Helpful
1
Replies
Highlighted
Beginner

Direct Internet Access with Zone Based Firewall Rules

Hi,

I'm on the Security team and was provided the below devices for security evaluation by our network group.

Question for the Zone Based Firewall (ZBFW) on this hardware:

How do you create ZBFW Rules for Direct Internet Access (DIA) in vManage?

These rules could be Inspect or Drop.

 

Is it even possible?

 

I have used the Traffic Data Rule Policy settings to test DIA (VPN.0)  but the preference is to use ZBFW only and not have to use a hybrid of ZBFW rules that perform proper statefull firewall flows and Traffic Rules that require manual 2 way setup.

 

Unit 1:

Model: C1111X-8P

Version: 16.10.2

Connectivity: biz-internet (DHCP)

Unit 2:

Model: ISR4331

Version: 16.10.2

Connectivity: biz-internet Static

 

Thanks,

John

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Beginner

Re: Direct Internet Access with Zone Based Firewall Rules

Solved
had to complete configuration for DIA,

View solution in original post

1 REPLY 1
Highlighted
Beginner

Re: Direct Internet Access with Zone Based Firewall Rules

Solved
had to complete configuration for DIA,

View solution in original post

CreatePlease to create content