topic Manage Traffic within two vsys in General Topics

Manage Traffic within two vsys

Vikashh — Wed, 06 May 2020 11:44:24 GMT

Hi,

How to route traffic between two vsys on same firewall? Currently when I am trying to put policy, I am not able to see required destination under security policy which belongs to other vsys on same firewall. Does it require some specific configuration?

Re: Manage Traffic within two vsys

SutareMayur — Wed, 06 May 2020 12:15:48 GMT

@Vikashh,

Yes, you can achieve it with the help of External Zone. This type of zone is required to allow traffic between zones in different Vsys. Such zones do not have any interface or IP like normal security zones. These are only associated with specific Vsys. While creating such Zone, you need to select type as external and configure desired Vsys under it.

If you have multiple Virtual Routers, you need to route traffic between Route-to-Router. You need to add static Routes which will point to other VR as next hop.

Once your desired External zones are configured, you should see zone under Security Policy and have required communication between zones in different Vsys. As Traffic will get route from one vsys to other so you should have required security Policies and NAT (in any) under each Vsys.

Hope it helps!

Mayur

Re: Manage Traffic within two vsys

Vikashh — Wed, 06 May 2020 17:59:54 GMT

Thanks Mayur for detailed explanation. To be honest, I had some idea about external zone type. But never had experience on configuring and working around it. Now I am fully confident on the configuration part. Thank you again for your time and response. I will keep updated on this.