05-06-2020 04:44 AM
Hi,
How do I route traffic between two vsys on the same firewall? Currently, when I try to create a policy, I am not able to see the required destination under the security policy, which belongs to the other vsys on the same firewall. Does it require some specific configuration?
05-06-2020 05:15 AM
Yes, you can achieve it with the help of an External Zone. This type of zone is required to allow traffic between zones in different vsys. Such zones do not have any interface or IP like normal security zones. They are only associated with a specific vsys. While creating such a zone, you need to select the type as External and configure the desired vsys under it.
If you have multiple Virtual Routers, you need to route traffic from router to router. You need to add static routes which point to the other VR as the next hop.
Once your desired External zones are configured, you should see the zone under Security Policy and have the required communication between zones in different vsys. As traffic will get routed from one vsys to the other, you should have the required security policies and NAT (if any) under each vsys.
Hope it helps!
Mayur
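The steps in the reply above, written out as PAN-OS configure-mode `set` commands. This is an added example, not part of the original post: the vsys IDs, zone names, virtual router names, rule names and subnets are constructed placeholders, and the visible-vsys step is a prerequisite assumed here that the thread does not mention. The `#` lines are annotations only and are not meant to be pasted into the CLI.

```text
# Constructed layout (all names and subnets are placeholders):
#   vsys1: internal zone trust-a, virtual router vr-a, subnet 10.1.1.0/24
#   vsys2: internal zone trust-b, virtual router vr-b, subnet 10.2.2.0/24

# 1. Assumed prerequisite: make each vsys visible to the other,
#    otherwise the peer vsys cannot be selected in the external zone.
set vsys vsys1 import visible-vsys vsys2
set vsys vsys2 import visible-vsys vsys1

# 2. One external-type zone per vsys, naming the peer vsys.
#    No interface or IP address is attached to these zones.
set vsys vsys1 zone to-vsys2 network external vsys2
set vsys vsys2 zone to-vsys1 network external vsys1

# 3. Separate virtual routers: static routes in both directions,
#    each using the other VR as next hop (return traffic needs one too).
set network virtual-router vr-a routing-table ip static-route to-vsys2-net destination 10.2.2.0/24 nexthop next-vr vr-b
set network virtual-router vr-b routing-table ip static-route to-vsys1-net destination 10.1.1.0/24 nexthop next-vr vr-a

# 4. A security rule in EACH vsys. The session is evaluated twice:
#    leaving vsys1 (trust-a -> to-vsys2) and entering vsys2 (to-vsys1 -> trust-b).
#    Scope source, destination and application instead of using "any".
set vsys vsys1 rulebase security rules a-to-b-out from trust-a to to-vsys2 source 10.1.1.0/24 destination 10.2.2.0/24 application ssl service application-default action allow
set vsys vsys2 rulebase security rules a-to-b-in from to-vsys1 to trust-b source 10.1.1.0/24 destination 10.2.2.0/24 application ssl service application-default action allow
```

Because both rules must match for the flow to pass, a permissive rule in one vsys does not open the other: each vsys administrator keeps control of what crosses their own boundary.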
05-06-2020 10:59 AM
Thanks Mayur for the detailed explanation. To be honest, I had some idea about the external zone type, but never had experience configuring and working with it. Now I am fully confident on the configuration part. Thank you again for your time and response. I will keep you updated on this.