Configuration - Overlays and Security Flashcards

1
Q

Business Intent Overlays (BIOs)

A

Use the Business Intent Overlays (BIOs) tab to create separate, logical networks that are individually customized to your applications and requirements within your network.

2
Q

overlay summary table

A

is used for easy comparison of values between your various configured overlays.

3
Q

ACL

A
  • Orchestrator matches traffic to an ACL, progressing down the ordered priority list of overlays until it identifies the first one that matches.
  • The matched traffic is then analyzed against the overlay’s Internet Traffic configuration and forwarded within the fabric, or broken out to the internet based on the preferred policy order.
4
Q

WAN Links & Bonding Policy

A

If the software determines that the traffic is not destined for the internet, it refers to the WAN Links & Bonding Policy configuration and forwards traffic accordingly within the overlay.

5
Q

Overlay Configuration

A
  1. Select the name of the overlay. The Overlay Configuration window opens. If you want to edit the default overlay or create a new overlay, enter the new name of the overlay in the Name field.
  2. Select the Match field and choose the match criteria from the menu.
  3. Click the Edit icon next to the ACL field. To apply default ACLs or create your own, select Add Rule in the Associate ACL window.
  4. Click Save.
6
Q

Regional Routing

A
  • When enabled, regional routing lets you manage your SD-WAN fabric by regions. It involves intra-region and inter-region route distribution across the SD-WAN fabric.
  • You can provide a different Business Intent Overlay for each region by enabling regional routing and customizing BIOs per region.
7
Q

Regional Multi-Hub BIO Topology

A
8
Q

Optimized Regional BIO Topology

A
9
Q

Routing Segmentation
Configuration > Networking > Routing > Routing Segmentation (VRF)

A
  • Use this tab to enable and disable routing segmentation across your network and apply unique configuration to your segments.
  • Routing segmentation allows for the configuration of VRF (Virtual Routing and Forwarding)–style Layer 3 segmentation in your SD-WAN deployments.
10
Q

Note the following before configuring routing segmentation in Orchestrator:

A

  • You must upgrade all EdgeConnect appliances and Orchestrator to version 9.0.
  • All EdgeConnects must be configured to Inline Router mode.
  • If a new appliance has been added to your network, or if an existing appliance has been replaced, you need to upgrade the appliance software to the appropriate version running in the network.
  • After upgrading, segmentation is disabled by default. You will have to enable it on this tab.
  • Regardless of whether segmentation is enabled or disabled, a Default segment is automatically created when you upgrade to 9.0.
  • The system-generated Default segment cannot be deleted.
  • After you enable routing segmentation, all existing configuration across your network is associated with the Default segment.

11
Q

Segment Configuration

A

  • Overlays & Breakout Policies
  • Firewall Zone Policies
  • Inter-Segment Routing & D-NAT
  • Inter-Segment SNAT
  • Loopback

12
Q

Firewall Zone Policies
Configuration > Security > Firewall Zone Security Policies

A

Use this tab to enable and associate firewall zones to your segments.

With segmentation enabled, firewall zone security policies are orchestrated, and there is no need for Firewall Security Templates.

13
Q

Complete the following steps to set a rule or policy for your firewall zones within your segment:

A

  1. Select the cell of the segment you want to update in the Matrix View. The From Zone To Zone window opens.
     NOTE: If you are already in Table View, click Add Rule.
  2. Enter the Source Segment in the Source Segment field. This is the segment that the firewall is starting from.
  3. Enter the Destination Segment in the Destination Segment field. This is the segment that the firewall is going to.
  4. Select Add Rule.
  5. Complete the content in the table.

14
Q

Firewall zones

A

are unique to each segment. For example, the default zone in Segment X will not be the same default zone in Segment Y.

15
Q

Inter-Segment Routing & DNAT

A

Use this tab to configure inter-segment routing and DNAT rules when traffic is crossing between segments.
Click +Add and the Inter-Segment Routing & DNAT window opens.

16
Q

Inter-Segment Routing & SNAT

A

Use this window to enable source network address translation for your segments.

17
Q

Delete a Segment

A

Segmentation involves drastic changes to your physical network.
Deleting segments can be service affecting. Carefully read this section before deleting any of your segments.
Deleting a segment removes all the segmentation configuration from all the appliances within your network.

18
Q

When you delete a segment, Orchestrator automatically deletes

A

  • The segment’s association with the overlay and break-out policies
  • The intra-segment and inter-segment firewall zone policies
  • The inter-segment routing & D-NAT rules
  • The inter-segment S-NAT rule
  • The loopback interfaces associated with the segment
  • The VTI interfaces associated with the segment
  • All the interface and VLAN interfaces

19
Q

Manual Tasks to Complete Before Deleting a Segment

A

The following configuration is disassociated from the segment, and you need to delete it manually:
  • Any manually created tunnels
  • BGP peers in the segment
  • Internal subnet table rules
  • Overlay ACL rules associated with the deleted segment

20
Q

Disable a Segment

A

To disable routing segmentation across your network, you need to delete all configured segments in the network, except the default segment (which cannot be deleted). After all the segments are deleted, navigate to this tab and move the toggle at the top of the page to disable.

21
Q

Management Services
Configuration > Networking > Routing > Management Services

A

  • When enabled, management services are functional in the associated segment based on the selected interface.
  • When disabled, all the interfaces are available for configuration.

22
Q

Inter-Segment Routing and D-NAT Exceptions
Configuration > Networking > Routing > Inter-Segment Routing & D-NAT Exceptions

A

Use this tab to configure inter-segment routing and Destination NAT (D-NAT) rules when traffic is crossing between segments.

Click the edit icon to open the Inter-Segment Routing & D-NAT dialog box.

23
Q

Inter-Segment S-NAT Exceptions
Configuration > Networking > Routing > Inter-Segment S-NAT Exceptions

A

Use this tab to enable source network address translation for your segments.

Select an appliance or group of appliances in the Orchestrator appliance tree to apply your Source NAT (S-NAT) exceptions.
