End-of-Life (EoL)

Create Security Policy Rules

Create security policy rules on the firewall to control traffic flow between EPGs in Cisco ACI.
Create security policy rules to control the traffic moving between your EPGs. By default, the firewall allows all intrazone traffic. Because the EPGs are in the same zone, all traffic between those EPGs is therefore allowed. Before creating new rules, change the default intrazone rule from allow to deny.
  1. Select Policies > Security.
  2. Click on intrazone-default to highlight the row and click Override.
  3. Select the Action tab.
  4. Select Deny from the Action drop-down.
  5. Click OK.
  6. Configure additional security policy rules based on your needs using the address objects and zone you created for your EPG.
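To check the result of this procedure, the following added example (not part of the original documentation or of any vendor tooling) evaluates which EPG-to-EPG flows a rulebase permits once intrazone-default is overridden. It assumes a simplified XML layout modeled on a PAN-OS rulebase export; the sample config and the zone, rule and address object names are constructed, and matching considers only zone and address objects.

```python
import xml.etree.ElementTree as ET

# Constructed sample modeled on a PAN-OS rulebase export; zone, rule and
# address object names are hypothetical.
SAMPLE = """
<rulebase>
  <security><rules>
    <entry name="web-to-app">
      <from><member>aci-zone</member></from>
      <to><member>aci-zone</member></to>
      <source><member>epg-web</member></source>
      <destination><member>epg-app</member></destination>
      <action>allow</action>
    </entry>
  </rules></security>
  <default-security-rules><rules>
    <entry name="intrazone-default"><action>deny</action></entry>
  </rules></default-security-rules>
</rulebase>
"""

def members(entry, tag):
    """Return the set of <member> values under entry/tag."""
    return {m.text for m in entry.findall(f"{tag}/member")}

def intrazone_default(root):
    """Action of the intrazone-default rule; 'allow' when not overridden."""
    path = "default-security-rules/rules/entry[@name='intrazone-default']/action"
    node = root.find(path)
    return node.text if node is not None else "allow"

def verdict(root, zone, src, dst):
    """First-match evaluation of same-zone traffic between two address objects."""
    for rule in root.findall("security/rules/entry"):
        if (members(rule, "from") & {zone, "any"} and members(rule, "to") & {zone, "any"}
                and members(rule, "source") & {src, "any"}
                and members(rule, "destination") & {dst, "any"}):
            return rule.get("name"), rule.findtext("action")
    return "intrazone-default", intrazone_default(root)

def audit(xml_text, zone, epgs):
    """Map every ordered EPG pair to (matching rule, action)."""
    root = ET.fromstring(xml_text)
    return {(s, d): verdict(root, zone, s, d) for s in epgs for d in epgs if s != d}

if __name__ == "__main__":
    for pair, hit in audit(SAMPLE, "aci-zone", ["epg-web", "epg-app", "epg-db"]).items():
        print(pair, hit)
```

Any pair reported as allowed by intrazone-default means the override from steps 1 to 5 is missing from the config being audited.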
