1. Home
    2. VM-Series
    3. VM-Series Deployment Guide
    4. Set Up a Firewall in Cisco ACI
    5. Integrate the Firewall with Cisco ACI in Network Policy Mode
    6. Deploy the Firewall to Secure East-West Traffic in Network Policy Mode
    7. Create Security Policy Rules

    Create Security Policy Rules

    Create security policy rules on the firewall to control traffic flow between EPGs in Cisco ACI.
    Create security policy rules to control the traffic moving between your EPGs. By default, the firewall allows all intrazone traffic. Therefore, because the EPGs are in the same zone, all between those EPGs is allowed. Before creating a new rules, you will change the default intrazone rule from allow to deny.
    1. Select
      Policies
      Security
      .
    2. Click on intrazone-default to highlight the row and click
      Override
      .
    3. Select the
      Action
       tab.
    4. Select Deny from the
      Action
       drop-down.
    5. Click
      OK
      .
      modify-intrazone-default-rule.png
    6. Configure additional security policy rules based on your needs using the address objects and zone you created for your EPG.
      create-security-policy-aci.png

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2021 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo