After the Symantec Firewall Service and Service Center Data Center IPSEC router or Cloud Connector are configured, the next step is to steer branch application traffic to the Firewall Services.

Some of the most common examples of how a traffic policy can be configured per application are:

- Send all Internet-bound traffic from a set of branches to the Symantec Firewall Service (Blanket Suspect list).
- Send all Internet-bound traffic from a set of branches to the Symantec Firewall service except for specific known applications (Suspect list-Allow list).
- Send all Internet traffic direct to the Internet except for certain applications that need additional inspection or security (Allow list-Suspect list).

The Prisma SD-WAN Secure Application Fabric enables granular controls for a virtually unlimited number of policy permutations, down to the sub-application level.

The following configuration will use a Blanket-Suspect list style deployment:

1. Create a Data Center Group that will include the Service Center Data Center(s).
   a. From the Policies tab, click Data Center Groups.
   b. In the Data Center Groups window, click Add New.
   c. In the Group Name field, enter a descriptive name, such as Web Security Services Bindings.
   d. Under Data Centers, select each Data Center that will participate in this group.
2. Edit individual Policy Set rules to use the new Service Bindings.
   a. In the Policies screen, under the Network Policies tab, click the policy you wish to edit.
   b. From this policy set, select one or more policy rules, and click the edit icon.
   c. In the policy rule, click Next until you come to the Service Group option.
   d. In Data Center Groups, select an Active and Backup Data Center Group for the application.
   e. Optionally, the Data Center group can be flagged as Required for this policy rule. If flagged as Required, the traffic must transit through these Data Centers or the traffic will be dropped. Use of the Required flag also prevents any Direct Internet or Direct MPLS path from being allowed as an Active or Backup path.
   f. Click Next, and select Save to apply the policy rule changes.
3. Verify that the Policy rules have the appropriate Data Center Groups configured.
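
The verification in the last step can be scripted once the rules are available as data. The following is an added example, not Prisma SD-WAN code and not its API schema: the PolicyRule fields, the backup group name and the sample rules are assumptions constructed for illustration. It flags rules that lack the expected Active group or a Backup group, and rules that are not Required while a Direct Internet or Direct MPLS path is still allowed.

```python
# Added example: field names and rule data are constructed for illustration;
# this is not the Prisma SD-WAN API schema.
from dataclasses import dataclass, field
from typing import List, Optional

DIRECT_PATHS = {"Direct Internet", "Direct MPLS"}  # path names from the page

@dataclass
class PolicyRule:
    name: str
    active_dc_group: Optional[str] = None
    backup_dc_group: Optional[str] = None
    required: bool = False
    paths: List[str] = field(default_factory=list)  # Active and Backup paths

def audit_rule(rule: PolicyRule, expected_group: str) -> List[str]:
    """Return findings for one rule that should steer traffic to the DC group."""
    findings = []
    if rule.active_dc_group != expected_group:
        findings.append(f"active group is {rule.active_dc_group!r}, expected {expected_group!r}")
    if rule.backup_dc_group is None:
        findings.append("no backup Data Center Group selected")
    if not rule.required:
        # Without Required, a direct path may still be an Active or Backup path.
        direct = sorted(DIRECT_PATHS.intersection(rule.paths))
        if direct:
            findings.append("not Required and direct path allowed: " + ", ".join(direct))
    return findings

def audit(rules, expected_group):
    """Map rule name -> findings, keeping only rules that have findings."""
    report = {r.name: audit_rule(r, expected_group) for r in rules}
    return {name: f for name, f in report.items() if f}

GROUP = "Web Security Services Bindings"   # example group name from the page
BACKUP = "Web Security Services Backup"    # constructed backup group name
SAMPLE_RULES = [  # constructed sample data
    PolicyRule("default-internet", GROUP, BACKUP, required=True),
    PolicyRule("saas-apps", GROUP, None, paths=["Direct Internet"]),
    PolicyRule("guest-web", None, BACKUP, paths=["Direct MPLS", "Direct Internet"]),
]

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_RULES, GROUP).items():
        for finding in findings:
            print(f"{name}: {finding}")
```
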

Because of the integration between Prisma SD-WAN and Symantec Web Security Services, enterprises can set up per-application, direct-to-cloud policies that deliver the cloud to the remote office securely and with high performance. At the same time, the remote office device footprint is minimal, with rapid cloud-based services delivery.