As an enterprise administrator, you can configure firewall rules, stateful firewall settings, network and flood protection settings, edge access information, and activate or deactivate firewall status and logs, using the Firewall tab in the Profile Configuration dialog.

Firewall Profiles are Segment aware. All Segments available for the configuration are listed in the Configure Segment drop-down menu. When you select a Segment to configure from the Configure Segment drop-down menu, the settings and options associated with that Segment appear in the Configure Segments area. Global Segment [Regular] is the default Segment.

For more information about Segmentation, see Configure Segments.

The firewall configuration at the profile level includes:
  • Enabling Syslog Forwarding. By default, the Syslog Forwarding feature is deactivated for an enterprise. To forward SD-WAN Orchestrator-bound events and firewall logs originating from enterprise SD-WAN Edges to one or more centralized remote Syslog collectors (servers), an enterprise user must enable this feature at the enterprise level. To configure Syslog collector details per segment in the SD-WAN Orchestrator, see Configure Syslog Settings for Profiles.
    Note: You can view both IPv4 and IPv6 firewall logging details in an IPv4-based Syslog server.
  • Enabling Stateful Firewall at the Profile and Edge level. By default, the Stateful Firewall feature is enabled for an enterprise. To deactivate the Stateful Firewall feature for an enterprise, contact an Operator with Super User permission.
  • Configure Firewall Rules
  • Configuring Stateful Firewall Settings
  • Configuring Network and Flood Protection Settings
  • Configuring Edge access
Note: You can configure firewall rules with IPv6 addresses only from the New Orchestrator UI. For more information, see Configure Profile Firewall with New Orchestrator UI.
Note: You can deactivate the Firewall function for profiles by setting Firewall Status to OFF.
