Device Groups in this Use Case
In Use Case: Configure Firewalls Using Panorama, we need to define two device groups based on the functions the
firewalls will perform:
- DG_BranchAndRegional for grouping firewalls that serve as the security gateways at the branch offices and at the regional head offices. We placed the branch office firewalls and the regional office firewalls in the same device group because firewalls with similar functions will require similar policy rulebases.
- DG_DataCenter for grouping the firewalls that secure the servers at the data centers.
We can then administer shared policy rules across both device
groups as well as administer distinct device group rules for the
regional office and branch office groups. Then for added flexibility,
the local administrator at a regional or branch office can create
local rules that match specific source, destination, and service
flows for accessing applications and services that are required
for that office. In this example, we create the following hierarchy
for security rules. you can use a similar approach for any of the
other rulebases.
Security Rules Hierarchy
