Manage Traffic within two vsys

L2 Linker

Hi,

How do I route traffic between two vsys on the same firewall? Currently, when I try to create a policy, I cannot see the required destination, which belongs to the other vsys on the same firewall, under the security policy. Does it require some specific configuration?

L6 Presenter

@Vikashh,

Yes, you can achieve it with the help of an External Zone. This type of zone is required to allow traffic between zones in different Vsys. Such zones do not have any interface or IP like normal security zones. They are only associated with a specific Vsys. While creating such a zone, you need to select the type as External and configure the desired Vsys under it.

If you have multiple Virtual Routers, you need to route traffic Router-to-Router. You need to add static routes which point to the other VR as the next hop.

Once your desired External zones are configured, you should see the zone under Security Policy and have the required communication between zones in different Vsys. As traffic will get routed from one vsys to the other, you should have the required security policies and NAT (if any) under each Vsys.

Hope it helps!

Mayur

Check out my YouTube channel - https://www.youtube.com/@NetworkTalks
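A pre-change check for the steps in the answer above, added here as an example and not part of the original post or any Palo Alto tooling. It reads a set-format configuration export and reports which pieces are still missing for traffic from one vsys to another. The zone, rule, and virtual router names, the addresses, and the one-value-per-field rule layout are constructed assumptions.

```python
# Constructed sample in PAN-OS "set" format; all names and addresses are made up.
SAMPLE = """\
set vsys vsys1 zone trust network layer3 ethernet1/1
set vsys vsys1 zone to-vsys2 network external vsys2
set vsys vsys2 zone dmz network layer3 ethernet1/2
set vsys vsys2 zone from-vsys1 network external vsys1
set vsys vsys1 rulebase security rules out-to-dmz from trust to to-vsys2 action allow
set network virtual-router vr1 routing-table ip static-route dmz destination 10.2.0.0/24 nexthop next-vr vr2
"""

def parse(cfg):
    """Collect external zones, rule zone pairs and next-vr routes from set lines."""
    ext, rules, routes = {}, [], []
    for line in cfg.splitlines():
        t = line.split()
        if t[:2] == ["set", "vsys"] and t[3:4] == ["zone"] and t[5:7] == ["network", "external"]:
            # ext[vsys][zone] = set of vsys the external zone refers to
            ext.setdefault(t[2], {})[t[4]] = set(t[7:]) - {"[", "]"}
        elif t[:2] == ["set", "vsys"] and t[3:6] == ["rulebase", "security", "rules"]:
            # Assumption: fields after the rule name are single-valued key/value pairs
            kv = dict(zip(t[7::2], t[8::2]))
            rules.append((t[2], kv.get("from"), kv.get("to")))
        elif t[:3] == ["set", "network", "virtual-router"] and "next-vr" in t[:-1]:
            routes.append((t[3], t[t.index("next-vr") + 1]))
    return ext, rules, routes

def audit(cfg, src, dst, src_vr=None, dst_vr=None):
    """Return the missing pieces for traffic flowing from vsys src to vsys dst."""
    ext, rules, routes = parse(cfg)
    out_z = {z for z, peers in ext.get(src, {}).items() if dst in peers}
    in_z = {z for z, peers in ext.get(dst, {}).items() if src in peers}
    gaps = []
    if not out_z:
        gaps.append(f"{src}: no external zone for {dst}")
    if not in_z:
        gaps.append(f"{dst}: no external zone for {src}")
    # Each vsys applies its own policy: src needs a rule *to* its external zone,
    # dst needs a rule *from* its external zone.
    if not any(v == src and to in out_z for v, _, to in rules):
        gaps.append(f"{src}: no security rule to the external zone")
    if not any(v == dst and frm in in_z for v, frm, _ in rules):
        gaps.append(f"{dst}: no security rule from the external zone")
    if src_vr and dst_vr and src_vr != dst_vr and (src_vr, dst_vr) not in routes:
        gaps.append(f"{src_vr}: no static route with next-vr {dst_vr}")
    return gaps

if __name__ == "__main__":
    print(audit(SAMPLE, "vsys1", "vsys2", "vr1", "vr2"))
```

On the constructed sample the only gap reported is the missing rule in vsys2, which is the "policies under each Vsys" point from the answer. Run it a second time with the arguments reversed to check the return direction.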

Thanks, Mayur, for the detailed explanation. To be honest, I had some idea about the external zone type, but never had experience configuring and working with it. Now I am fully confident on the configuration part. Thank you again for your time and response. I will keep you updated on this.
