End-of-Life (EoL)

Create an Outbound Contract

Create a contract with a filter that allows DNS, NTP, HTTP, and HTTPS traffic. You will use this contract to allow all endpoints in the VRF to reach the external networks but limits the traffic sent to the firewall.
  1. On the
    Tenants
    tab, double-click on the name of your tenant.
  2. Select
    Contracts
    Filters
  3. Right-click on
    Filters
    and select
    Create Filter
    .
  4. Enter a descriptive
    Name
    for the filter.
  5. Create a filter entry for UDP traffic.
    1. Click the plus (+) button to the right of
      Entries
      .
    2. Enter a descriptive
      Name
      for the
      UDP
      filter.
    3. Select
      IP
      from the
      EtherType
      drop-down.
    4. Select
      udp
      from the
      IP Protocol
      drop-down.
    5. Select
      dns
      from the
      Destination Port From
      drop-down.
    6. Click
      Update
      .
  6. Create a filter entry for TCP traffic.
    1. Click the plus (+) button to the right of
      Entries
      .
    2. Enter a descriptive
      Name
      for the
      TCP
      filter.
    3. Select
      IP
      from the
      EtherType
      drop-down.
    4. Select
      tcp
      from the
      IP Protocol
      drop-down.
    5. Select
      dns
      from the
      Destination Port From
      drop-down.
    6. Click
      Update
      .
  7. Create a filter entry for NTP traffic.
    1. Click the plus (+) button to the right of
      Entries
      .
    2. Enter a descriptive
      Name
      for the
      NTP
      filter.
    3. Select
      IP
      from the
      EtherType
      drop-down.
    4. Select
      udp
      from the
      IP Protocol
      drop-down.
    5. In the
      Destination Port From
      field, enter 123.
    6. Click
      Update
      .
  8. Create a filter entry for HTTP traffic.
    1. Click the plus (+) button to the right of
      Entries
      .
    2. Enter a descriptive
      Name
      for the
      HTTP
      filter.
    3. Select
      IP
      from the
      EtherType
      drop-down.
    4. Select
      tcp
      from the
      IP Protocol
      drop-down.
    5. Select
      http
      from the
      Destination Port From
      drop-down.
    6. Click
      Update
      .
  9. Create a filter entry for HTTPS traffic.
    1. Click the plus (+) button to the right of
      Entries
      .
    2. Enter a descriptive
      Name
      for the
      HTTP
      filter.
    3. Select
      IP
      from the
      EtherType
      drop-down.
    4. Select
      tcp
      from the
      IP Protocol
      drop-down.
    5. Select
      https
      from the
      Destination Port From
      drop-down.
    6. Click
      Update
      .
  10. Click
    Submit
    .
    create-filters-outbound-contracts.png
  11. Create a contract for outbound traffic.
    1. On the
      Tenants
      tab, double-click on the name of your tenant and select
      Contracts
      .
    2. Right-click on
      Contracts
      and select
      Create Contract
      .
    3. Enter a descriptive
      Name
      for your
      Contract
      .
    4. Click the plus (+) button to the right of
      Subjects
      .
    5. Enter a descriptive
      Name
      for you
      Subject
      .
    6. Under Filter Chain, click the plus (+) button to the right of
      Filters
      .
    7. Select the filter you created previously from the drop-down.
    8. Click
      OK
      .
  12. Click
    Submit
    .

Recommended For You