Cisco SDWAN: Enterprise App Aware Firewall Configuration

Cisco SDWAN: Enterprise App Aware Firewall Configuration

⭐Amazon.com Best Deals Toys     ⭐Amazon.com Best Deals Health
⭐Amazon.com Best Deals Electronics  ⭐Amazon.com Best Deals Video Games

The usage of the zones is defined in our prior article where we talked on the fundamentals of the Enterprise App Aware Firewall in Cisco SDWAN. In this section, we will discuss how to set them up on Cisco SDWAN vManage.

To understand the Cisco SDWAN's Enterprise App aware firewall you need to understand the zone-based model to inspect and control traffic based on applications or application families.

When data traffic flows are matched using any of the six available match criteria (Source port, destination port, protocol, application/application family, and source data prefix) on the vManage security policy dashboard, the Enterprise Firewall with App Aware policy, a localized security policy, enables stateful inspection of those flows. 

Fig 1.1- Cisco SDWAN Firewall Zones

⚡ Related : Cisco SD-WAN App-aware SLA Based routing in Action

⚡ Related : Enterprise App Aware Firewall in Cisco SDWAN

Lets stalk about how to setup the Enterprise App Aware Firewall Configuration through the Cisco vManage.

Step 1: vManage>> Configuration >> Security >> Add Security Policy ( click on the security policy) and you will see the below screen after that

Step 2: As we are going to use for the Compliance, Click on the compliance as shown above and proceed further

Step 3: Click on "Add Firewall Policy" and click Create new. Once you created you need to give a name to that policy with the description and add the rules 

You can see the sample firewall policy as below 

Step 4: you can add the Source, Source port, Destination, Destination port, Protocol and Application list to drop and then save 

Step 5: Once you applied the firewall rules, you need to apply the zone-pairs as shown below

Step 6: Save the zone based policy. we didn't add any rule here but adding the rule is easy as you did in the firewall using the source, source port, destination, destination port and the application list.

Continue Reading...

• Cisco ASR 1001-HX router as SDWAN router - The Network DNA
• Cisco ASR 1002-X router with NAT64 configurations - The Network DNA
• Cisco ASR 1002-X Basics - The Network DNA
• Cisco ASR 1000: CEF load Balancing Issue and Possible Solution
• Cisco Launches Cisco Catalyst 8000 Edge Platforms : SASE ready, SDWAN enabled
• Downgrade IOS-XE SD-WAN to IOS-XE - The Network DNA
• Redefining Connectivity with new Cisco Services Edge Platform
• Cisco SDWAN Resources - The Network DNA
• Cisco ASR 1001-X Router
• Cisco ASR Compare models- Hardware Comparison ( ASR 1000 Series feature set comparison)

More on SDWAN...

• Cisco SD-WAN: Underlay Network vs Overlay Fabric
• Cisco SDWAN: TLOC & TLOC Carrier
• Cisco SDWAN: Breaking Down Communication Between TLOC Colors
• Cisco Viptela SDWAN: Packet Duplication
• Unify Your Remote Access with Cisco SD-WAN
• Port Channel on Cisco Catalyst 8300 SDWAN devices
• Cisco Viptela SDWAN: Part 1 Migration from vEdges to Catalyst 8500/8300 Routers
• Cisco SDWAN: Reset IOS-XE SDWAN router
• Finding the Right SD-WAN Vendor for Your Business