Managing your Firewall.
The SD-WAN Orchestrator gives you amazing control over your network, right down to an app level. Sometimes, though, you’ll need to take a broad-brush approach to blocking applications. The Orchestrator’s firewall control panel lets you set rules to completely block specific apps or entire categories of application. This video walks through the process in simple steps.
In this short tutorial we’re going to have a look at how to use the firewall in the Orchestrator. Under this tab you’ll see a number of rules which affect the behaviour of your firewall. As we’ve seen, the Orchestrator already delivers amazing control over how you use your network bandwidth based on prioritising apps and groups. However, there might be specific applications you want to block altogether. It’s easy to do by creating firewall rules.
To create a new rule, you start by clicking up here. Just like the other configuration screens, you can give your rule a name. Once again there are options for defining sources and destinations. But the Orchestrator’s strength is the ability to control your network at an app level, so it’s usually best to choose an app or app category when you’re defining a firewall rule. Let’s say we need to block Facebook completely. It’s easy to search directly for the app here. Once you’ve found it there are two options, allow or deny. Let’s choose deny. And then we’ll click on OK to close the window. Once you’ve closed the window you’ll see the new rule you created with the name you chose. At this stage you’ll need to click “save changes” so the new rule is saved. As soon as you press save changes, the new rule will be pushed directly out to all of the edge devices included in the profile.
There are a few other options that are useful to understand. Up here you can see a switch for firewall logging. This will keep a log of all firewall activity. Usually we suggest you leave this option switched off, unless you need to activate it for specific diagnostic purposes. Firewall rules work in a similar way to business policies: whichever rule applies first determines the action that takes place. Just like business policies, you can re-order your rules easily using the small icon next to the rule number. By clicking on it and dragging, you can move a rule into a new position on the list. It’s important to understand how the order of your firewall rules might impact traffic in unexpected ways. For example, if the first rule in your list is set up for all social media applications and allows them, but the third rule in your list is configured to deny Facebook, the first rule will take precedence and Facebook traffic will be allowed over the network. Because of this, it’s important to consider how your firewall rules will impact each other, especially when you’re using a combination of groups and individual apps when creating your rules.
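The ordering problem described above can be checked before a rule list is saved. The following is an added example, not part of the video or the Orchestrator's own code: a small Python model of first-match evaluation that flags rules which can never fire. The `Rule` class, the function names, the app-to-category map and the default action for unmatched traffic are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed app-to-category map; a real deployment has its own catalogue.
APP_CATEGORY = {"Facebook": "Social Media", "Twitter": "Social Media",
                "Dropbox": "File Sharing"}

@dataclass(frozen=True)
class Rule:
    name: str
    kind: str    # "app" or "category"
    target: str  # app name or category name
    action: str  # "allow" or "deny"

    def apps(self):
        """Set of apps this rule matches."""
        if self.kind == "app":
            return {self.target}
        return {a for a, c in APP_CATEGORY.items() if c == self.target}

def evaluate(rules, app, default="allow"):
    """First match wins. Returns (action, 1-based rule position).
    The default for unmatched traffic is an assumption of this model."""
    for position, rule in enumerate(rules, start=1):
        if app in rule.apps():
            return rule.action, position
    return default, None

def find_shadowed(rules):
    """List (rule name, earlier rules that pre-empt it, actions conflict?)
    for every rule whose apps are all matched by earlier rules."""
    findings = []
    for i, rule in enumerate(rules):
        hits = [evaluate(rules[:i], app, default=None) for app in sorted(rule.apps())]
        if not hits or any(pos is None for _, pos in hits):
            continue  # at least one app still reaches this rule
        blockers = sorted({rules[pos - 1].name for _, pos in hits})
        conflict = any(action != rule.action for action, _ in hits)
        findings.append((rule.name, blockers, conflict))
    return findings

# The scenario from the video: rule 1 allows social media, rule 3 denies Facebook.
RULES = [Rule("Allow social media", "category", "Social Media", "allow"),
         Rule("Deny file sharing", "category", "File Sharing", "deny"),  # constructed
         Rule("Block Facebook", "app", "Facebook", "deny")]
FIXED = [RULES[2], RULES[0], RULES[1]]  # specific deny dragged above the category allow

if __name__ == "__main__":
    print(evaluate(RULES, "Facebook"), find_shadowed(RULES))
    print(evaluate(FIXED, "Facebook"), find_shadowed(FIXED))
```

A finding with the conflict flag set is the case worth reviewing first: the rule's intended action is the opposite of what the traffic actually receives.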
Thanks for watching this short video about the firewall features in SD-WAN’s Orchestrator. We have a number of other tutorial videos on our website, so make sure you take a look. Bye for now.