Verifying firewall policies on a spoke
To verify firewall policies on a spoke:
- In FortiOS, on a spoke FortiGate, go to Policy & Objects > Firewall Policy.
- Verify that firewall policies have been configured.
OaaS creates wildcard allow policies for the tunnel overlays on the spoke FortiGates. In some cases, these policies do not provide the granularity needed to restrict overlay traffic to specific subnets or hosts.
OaaS will not affect any other FortiGate configuration settings and will only create and modify configuration settings that it generated. Therefore, the FortiGate spoke administrator is free to add firewall policies and other configuration settings as needed that only reference these specific configuration settings created by OaaS:
However, for OaaS to operate properly through topology changes and updates, do not reference any other OaaS configuration settings in firewall policies and other configuration settings that you have added after installing settings orchestrated from OaaS.
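
An added example (not Fortinet code or OaaS output) of checking a spoke for the wildcard allow policies described above: it parses a saved `show firewall policy` excerpt and lists accept policies on an overlay interface whose source and destination are both `all`. The sample config and the names `overlay1`, `port2`, `wan1`, `branch-lan` and `app-servers` are constructed; substitute the overlay interface names present on your spoke.

```python
import shlex

# Constructed excerpt in `show firewall policy` form; all names are hypothetical.
SAMPLE = '''
config firewall policy
    edit 1
        set srcintf "overlay1"
        set dstintf "port2"
        set action accept
        set srcaddr "all"
        set dstaddr "all"
    next
    edit 2
        set srcintf "overlay1"
        set dstintf "port2"
        set action accept
        set srcaddr "branch-lan"
        set dstaddr "app-servers"
    next
    edit 3
        set srcintf "port2"
        set dstintf "wan1"
        set action accept
        set srcaddr "all"
        set dstaddr "all"
    next
end
'''

def parse_policies(text):
    """Map policy ID -> {option: [values]} for a 'config firewall policy' block."""
    policies, current = {}, None
    for line in text.splitlines():
        words = shlex.split(line)
        if words[:1] == ["edit"] and len(words) == 2:
            current = policies.setdefault(int(words[1]), {})
        elif words == ["next"]:
            current = None
        elif words[:1] == ["set"] and current is not None and len(words) >= 3:
            current[words[1]] = words[2:]
    return policies

def wildcard_overlay_policies(policies, overlay_intfs):
    """IDs of accept policies on an overlay interface with srcaddr and dstaddr 'all'."""
    return sorted(
        pid for pid, p in policies.items()
        if p.get("action") == ["accept"]
        and set(p.get("srcintf", []) + p.get("dstintf", [])) & set(overlay_intfs)
        and "all" in p.get("srcaddr", []) and "all" in p.get("dstaddr", []))
```

Calling `wildcard_overlay_policies(parse_policies(SAMPLE), {"overlay1"})` flags only policy 1: policy 2 is already restricted to named address objects, and policy 3 does not touch the overlay.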