Cisco SDWAN: Enterprise App Aware Firewall Configuration


How zones are used is covered in our prior article on the fundamentals of the Enterprise App Aware Firewall in Cisco SDWAN. In this section, we discuss how to set them up in Cisco SDWAN vManage.

To understand Cisco SDWAN's Enterprise App Aware Firewall, you need to understand the zone-based model it uses to inspect and control traffic based on applications or application families.

The Enterprise Firewall with App Aware policy is a localized security policy. It enables stateful inspection of data traffic flows that are matched, on the vManage security policy dashboard, using any of the six available match criteria (source port, destination port, protocol, application/application family, and source data prefix).

Fig 1.1- Cisco SDWAN Firewall Zones


Let's talk about how to set up the Enterprise App Aware Firewall configuration through Cisco vManage.

Step 1: In vManage, go to Configuration >> Security >> Add Security Policy (click on the security policy). You will then see the screen below.

Cisco SDWAN Security Policy

Step 2: As we are going to use it for compliance, click on Compliance as shown above and proceed.

App aware firewall Cisco SDWAN

Step 3: Click on "Add Firewall Policy" and click Create New. Once it is created, give the policy a name and a description, and add the rules.

firewall rules sdwan

You can see a sample firewall policy below.

Sample firewall policy Cisco SDWAN

Step 4: You can add the Source, Source port, Destination, Destination port, Protocol and Application list to drop, and then save.
Cisco SDWAN Firewall Rules

Step 5: Once you have applied the firewall rules, you need to apply the zone-pairs as shown below.
Cisco SDWAN Zones

Step 6: Save the zone-based policy. We didn't add any rule here, but adding a rule is as easy as it was in the firewall policy, using the source, source port, destination, destination port and the application list.
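
As an added illustration (not part of the original article and not Cisco code), the Python sketch below models how a flow could be checked against the zone pair and firewall rules built in the steps above, so you can reason about a rule set before pushing it. It assumes rules are evaluated in order with the first match deciding and a default action otherwise; the zone names, VPN ids, addresses and application names are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                        # "inspect", "pass" or "drop"
    src_prefix: str = "0.0.0.0/0"      # source data prefix
    dst_prefix: str = "0.0.0.0/0"      # destination data prefix
    src_port: Optional[int] = None     # None means "any"
    dst_port: Optional[int] = None
    protocol: Optional[int] = None     # IP protocol number (6 = TCP, 17 = UDP)
    apps: frozenset = frozenset()      # application list; empty means "any"

    def matches(self, flow: dict) -> bool:
        return (ipaddress.ip_address(flow["src"]) in ipaddress.ip_network(self.src_prefix)
                and ipaddress.ip_address(flow["dst"]) in ipaddress.ip_network(self.dst_prefix)
                and self.src_port in (None, flow["sport"])
                and self.dst_port in (None, flow["dport"])
                and self.protocol in (None, flow["proto"])
                and (not self.apps or flow.get("app") in self.apps))

# Constructed sample policy (hypothetical names, VPN ids and addresses).
ZONES = {"inside": {10}, "guest": {20}, "outside": {0}}       # zone -> VPN ids
WEB_POLICY = {
    "rules": [
        Rule("drop", apps=frozenset({"bittorrent"})),          # application list to drop
        Rule("inspect", src_prefix="10.1.0.0/16", protocol=6, dst_port=443),
    ],
    "default": "drop",
}
ZONE_PAIRS = {("inside", "outside"): WEB_POLICY}               # (source, destination) zone

def zone_of(vpn: int) -> Optional[str]:
    return next((z for z, vpns in ZONES.items() if vpn in vpns), None)

def evaluate(flow: dict) -> str:
    """Return the verdict for one flow, naming the rule that decided it."""
    policy = ZONE_PAIRS.get((zone_of(flow["src_vpn"]), zone_of(flow["dst_vpn"])))
    if policy is None:
        return "no-zone-pair"          # this firewall policy is never consulted
    for seq, rule in enumerate(policy["rules"], start=1):
        if rule.matches(flow):
            return f"{rule.action} (rule {seq})"
    return f"{policy['default']} (default)"

def make_flow(src_vpn, dst_vpn, src, dst, sport, dport, proto, app=None) -> dict:
    return dict(src_vpn=src_vpn, dst_vpn=dst_vpn, src=src, dst=dst,
                sport=sport, dport=dport, proto=proto, app=app)
```

Two flows to the same TCP/443 destination get different verdicts here because the application rule sits ahead of the port rule; swapping the two rules would let the first match inspect both.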
