While configuring business policies, you can select the existing object groups to match the source or destination. This includes the range of IPv4 and IPv6 addresses or port numbers available in the object groups.

For more information on business policies, see Create Business Policy Rules.

You can configure the business policies in Classic or New Orchestrator UI. The following procedure describes the configuration with Classic Orchestrator UI. To configure in New Orchestrator UI, see Configure Business Policies with New Orchestrator UI.

Procedure

  1. In the Enterprise portal, click Configure > Profiles.
  2. Select a profile from the list and click the Business Policy tab.
  3. Click New Rule or Actions > New Rule.
  4. Enter a name for the business rule.
  5. In the Match area, choose the IP address type. By default, IPv4 address type is selected.
    Note: To configure business policy rules with Mixed or IPv6 address type, you must use the New Orchestrator UI. For more information, see Create Business Policy Rule with New Orchestrator UI.
  6. Click Object Group for the source.
  7. Select the relevant Address Group and Port Group from the drop-down list.
    Note: When configuring domains as match criteria for an Address Group, the SD-WAN service first checks for an IP address match. If a match is found, then the service skips domain name matching. However, if no match is found for an IP address, then the service performs a domain name match in the Address Group.
    Important: The matching criteria may match basic wildcard patterns. For example, if you configure a domain in an Address Group as google.com, then mail.google.com and/or www.google.com may also match this criteria. However, if you configure www.google.com as the domain in an Address Group, then mail.google.com will not match this policy.
  8. If required, you can select the Address and Port Groups for the destination as well.
    Based on Address Type selected, the behavior will be as follows:
    • IPv4 Type Rule matches only the IPv4 addresses available in the selected Address Group.
    • IPv6 Type Rule matches only the IPv6 addresses available in the selected Address Group.
    • Mixed Type Rule matches both the IPv4 and IPv6 addresses in the selected Address Group.
  9. Choose Actions as required and click OK.

Results

The business policies that you create for a profile are automatically applied to all the Edges associated with the profile. If required, you can create additional business policies specific to the Edges.
  1. Navigate to Configure > Edges, select an Edge, and click the Business Policy tab.
  2. Click New Rule or Actions > New Rule.
  3. Define the rule with relevant object groups and other actions.

Edge-level Business Policy displays the policies inherited from profile and they are read only. If you want to override any Profile-level policy, then add a new rule. The added rule appears on top of the table and it can be manipulated by modifying or deleting, if needed.

Note: By default, the business policies are assigned to the global segment. If required, you can choose a segment from the Select Segment drop-down and create business policies specific to the selected segment.

What to do next

You can modify the object groups with additional IP addresses and port numbers. The changes are automatically included in the business policies that use the object groups.