Hello,

Assume two local firewalls in a set of firewalls, all managed by the same Panorama. One is the ATM-protecting firewall and the other is the DC server firewall. ATMs get their IPs from branches, so they are very random, and routing is basically like 10.0.0.0/8 ge 27 le 30 and 10.0.0.0/8 ge 29 le 30. So we don't know the IP, range or subnet for a firewall rule; they are very random. If we tried to make a list, it would not be maintainable.

We accept the risk while writing a firewall policy on the ATM firewall, where we define source or destination "any" for specific addresses/ports. The problem occurs when we need to give access from the DC firewall. Because we can't write the ATMs as the destination, we have to write a rule which is basically from: server IP, to: any, port: x, which applies to "all" traffic going outside of the DC server firewall from this IP, regardless of whether it is being sent to the ATM firewall.

I am looking for a way to manage this, like allowing traffic from the server IP to any destination only if the destination is on the ATM firewall. Can we manage this via zones/tags or something else? The firewalls are vwire.

Thanks in advance.
Regards
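The route filters quoted in the post ("10.0.0.0/8 ge 27 le 30" and "10.0.0.0/8 ge 29 le 30") use the common prefix-list notation: a prefix matches when it lies inside the base block and its length is between the ge and le bounds inclusive. The following is an added example, not code from the poster or from Panorama; it evaluates that notation in Python so you can see exactly which ATM prefixes the filters admit and test whether a given destination falls into one of them. The filter entries and all sample prefixes and addresses are constructed for illustration.

```python
import ipaddress
from typing import Iterable, Tuple

# Prefix-list entries as written in the post: (base block, ge, le).
# Constructed from the post's text; these are not a real device config.
ATM_ROUTE_FILTERS: Tuple[Tuple[str, int, int], ...] = (
    ("10.0.0.0/8", 27, 30),
    ("10.0.0.0/8", 29, 30),
)


def matches_prefix_list(prefix: str, base: str, ge: int, le: int) -> bool:
    """Standard prefix-list semantics: `prefix` must be inside `base` and
    its length must satisfy ge <= length <= le.  strict=True rejects
    prefixes with host bits set (e.g. 10.1.1.5/28), which would never
    appear as a learned route."""
    p = ipaddress.ip_network(prefix, strict=True)
    b = ipaddress.ip_network(base, strict=True)
    if p.version != b.version:
        return False
    return p.subnet_of(b) and ge <= p.prefixlen <= le


def is_atm_prefix(prefix: str) -> bool:
    """True when any of the ATM route filters admits this prefix."""
    return any(matches_prefix_list(prefix, base, ge, le)
               for base, ge, le in ATM_ROUTE_FILTERS)


def destination_is_atm(dst_ip: str, learned_routes: Iterable[str]) -> bool:
    """Given the routes currently learned (e.g. dumped from the routing
    table), decide whether a destination host sits in an ATM prefix.
    A destination only counts as ATM if it is covered by a learned route
    that the ATM filters would have accepted."""
    ip = ipaddress.ip_address(dst_ip)
    for route in learned_routes:
        net = ipaddress.ip_network(route, strict=True)
        if ip in net and is_atm_prefix(route):
            return True
    return False


if __name__ == "__main__":
    # Constructed sample of learned routes: two ATM-sized blocks and one
    # branch LAN that is too large for the filters.
    routes = ["10.45.12.64/28", "10.200.3.248/30", "10.45.12.0/24"]
    for dst in ("10.45.12.70", "10.200.3.250", "10.45.12.200", "172.16.0.1"):
        print(dst, "->", "ATM" if destination_is_atm(dst, routes) else "not ATM")
```

Note that a /24 branch LAN is rejected even though it lies inside 10.0.0.0/8, because the filters only admit /27 through /30; a host that is reachable only through such a wider route is therefore not classified as an ATM destination.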