Trying to make sure I understand this correctly. For each zone to used within the SDWAN they must be mapped to the pre-defined SDWAN zones. For the following example would this be the correct method of mapping:
Pre-SDWAN zones (same zones at all sites)
SDWAN Zone Mapping
Zone Internet: Untrust Trust-1, Trust-2,Trust-3
Zone to Hub: Trust-1, Trust-2,Trust-3
Zone to Branch: Trust-1, Trust-2,Trust-3
Zone Internal: Trust-1, Trust-2,Trust-3
Hi @Jeff-Intuitive ,
I'm pretty sure that Untrust will map to Zone Internet only.
Depending on the other access you need :
I'm currently also doing the first steps with SDWAN.
We need to recycle the prexisting zones, so the preexisting SDWAN zone and Trust zone should be mapped to zone-to-branch and zone-internal, but that doesn't work.
Only the Untrust <> Zone-Internet mapping worked.
Also - how should the policy in Panorama and locally on the Firewall look like? Which logs should I expect to see on the firewall and in Panorama?
Several components here for it to work, all done through Panorama not on the firewall itself.
Map zones as you saw
Create the SDWAN policy for the zone to encrypt the traffic when talking to the 'zone-hub' 'zone-branch' etc etc
Create Firewall policy that allows those zones to talk to one another.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!