The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
The NGFW security policies in Catalyst SD-WAN Manager are a set of rules and configurations designed to protect systems, networks, and data from unauthorized access, misuse, or threats. Catalyst SD-WAN Manager provides a comprehensive framework for both implementing and managing NGFW security policies.
Note that you cannot delete an NGFW policy from Security Cloud Control Firewall Management that is already associated with a policy group in Catalyst SD-WAN.
|
Step 1 |
In the left pane, click . |
|
Step 2 |
Navigate to the policy and click the ellipsis (…) under the Action column. |
|
Step 3 |
Click View, Edit, Delete, or Copy. |
Ensure that these devices are deployed and managed using a configurations group. For more information about creating configuration groups, see Configuration Groups and Feature Profiles.
|
Step 1 |
In the left pane, click . |
||||||||||
|
Step 2 |
On the Catalyst SD-WAN NGFW Policies page, click Add NGFW Policy. This launches the Create NGFW policy workflow. |
||||||||||
|
Step 3 |
On the Security Policy Name tab, enter Policy Name and Description, and under Device Solution, select the sdwan radio button and click Next. |
||||||||||
|
Step 4 |
On the Select the optional Configuration Group to associate with the security policy page, choose the configuration group to associate with the NGFW policy and click Next. |
||||||||||
|
Step 5 |
On the Create Sub-Policies tab, click +Add Sub-Policy to add sub-policies for a security policy.
|
||||||||||
|
Step 6 |
Click Additional Settings to configure additional settings for a security policy. Refer to the steps used in the procedure, Configure NGFW Additional Settings. Click Save. |
||||||||||
|
Step 7 |
Click on the ellipsis (...) at the top left corner of the existing sub-policy to Edit, Delete, or Copy it. |
||||||||||
|
Step 8 |
To add a rule to a sub-policy, navigate to the sub-policy and click + Add Rule.
|
||||||||||
|
Step 9 |
To modify an existing rule, click the pencil icon to Edit, Disable, Delete, Clone rule, Add rule on top, or Add rule below. |
|
Step 1 |
In the left pane, click . |
|
Step 2 |
Navigate to the policy you want to associate with a policy group. Click the ellipsis (…) under the Action column and click Associate Policy Group. |
|
Step 3 |
Select the policy and click Save. |
A policy group in Catalyst SD-WAN refers to a logical grouping of related items or configurations that are used in Next-Generation Firewall (NGFW) security policies. These groups are created to simplify the process of applying policies across multiple devices or sites.
NGFW policy modifications, including security objects and profiles, from Security Cloud Control Firewall Management, must be deployed to Secure Router devices using the Catalyst SD-WAN Manager.
You can access the workflow by choosing menu in Catalyst SD-WAN Manager. The Deploy Policy Group workflow enables you to associate Secure Router devices and deploy the policy group to the selected devices.
For more information, refer to the Deploy Policy Group Workflow section in the Policy Groups Configuration Guide, Cisco IOS XE Catalyst SD-WAN.
Feedback