Branch policy package
To configure the branch policy package:
-
Navigate to Policy & Objects > Policy Packages.
Notice that Branch_Policy has already been created from the SD-WAN Overlay wizard.
-
Select Branch_Policy > Firewall Policy.
Notice how the policy package already contains a policy. -
Select Create New > Create New to create a new policy. The Create New Firewall Policy pane opens.
-
Set the following options, and click OK:
Name
Branch to Datacenter
Incoming Interface
LAN
Outgoing Interface
HUB1, HUB2 (These are SDWAN Zones)
Source
Branch network
Destination
Datacenter Network
Action
Accept
-
In the same Branches policy package, select Create New to define a second policy, Direct Internet Access:
Name
Direct Internet Access
Incoming Interface
LAN
Outgoing Interface
WAN1, WAN2 (These are SD-WAN Zones)
IPv4 Source Address
Branch network
IPv4 Destination Address
all
Action
Accept
NAT
Enable
-
Assign the Branches policy package to the Branches device group.
-
From Policy & Objects > Policy Packages > Branches, select Installation Targets.
-
Verify that the Branches device group is populated under Installation Target.
-