Stateful Firewall and NAT Support 编辑

This feature provides a firewall built into the SD-WAN application. The firewall allows policies between services and zones, and supports Static NAT, Dynamic NAT (PAT), and Dynamic NAT with Port Forwarding. More firewall capabilities include:

• Provide security for user traffic within SD-WAN network (Enterprise and Service Providers)
• (Potential) Reduction of External Equipment (Enterprise and Service Providers)
• Using the same IP address space for Multiple customers: NAT Capability (Service Providers)
• Apply multiple firewalls from a global perspective (Service Providers)
• Filtering traffic flows between Zones
• Filtering traffic between services within a Zone
• Filtering traffic between services that reside in different Zones
• Filtering traffic between services at a site
• Defining Filter Policies to Allow, Deny, or Reject flows
• Tracking flow state for selected flows
• Applying Global Policy Templates
• Support for Port Address Translation for traffic to the Internet on an untrusted port, as well as port forwarding inbound and outbound
• Provide Static Network Address Translation (Static NAT)
• Provide Dynamic Network Address Translation (Dynamic NAT)
• Port Address Translation (PAT)
• Port-Forwarding

To simplify the configuration process, firewall Policies are created at the Global Configuration level. This Global configuration consists of Pre-Appliance and Post-Appliance site Policy Templates that can be applied to all sites within the SD-WAN network.

Note

It is not recommended to use firewall in Fail-to-Wire inline mode due to security reasons.

Global-policy templates

Pre-policy template

Post-policy template