Allowing system communications in Access rules
You must add Access rules for some types of communication between Secure SD-WAN Manager components.
The necessary communications between the engine and other Secure SD-WAN Manager components are allowed in the predefined Firewall Template Policy, IPS Template, and Layer 2 Firewall Template. However, the predefined templates do not allow other Secure SD-WAN Manager components to communicate through the engine to a third Secure SD-WAN Manager component. For example, the following connections through the engine must be allowed explicitly:
- Management and monitoring connections to/from the remote firewall.
- Monitoring and log browsing connections from the central site to the remote Log Server.
- Any remote-site Management Client connections to the Management Server at the central site.
If NAT is applied to the connections, Access rules alone are not enough. You must also create Location elements and add Contact Addresses for the elements to define which translated addresses are necessary for making contact.
If you have inline IPS engines or Layer 2 Firewalls, be careful that you do not define rules that would prevent other Secure SD-WAN Manager components from communicating with each other.
There are predefined Service elements for all system communications. You can use these elements to create Access rules.
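To illustrate the caveat above about rules that accidentally block system communications, here is an added example (not from the product documentation) that evaluates an ordered Access rule list with first-match semantics and reports which required connections an earlier deny rule would block. The Service names, addresses and the `Rule` fields are constructed placeholders, not the product's predefined Service elements.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    src: str      # source network in CIDR notation
    dst: str      # destination network in CIDR notation
    service: str  # placeholder Service element name, or "ANY"
    action: str   # "allow" or "discard"


def matches(rule, src, dst, service):
    """True if the rule's Source, Destination and Service all match the connection."""
    return (ipaddress.ip_address(src) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(dst) in ipaddress.ip_network(rule.dst)
            and rule.service in (service, "ANY"))


def first_match(rules, src, dst, service):
    """First-match evaluation: the first matching rule decides; no match means implicit discard."""
    for index, rule in enumerate(rules):
        if matches(rule, src, dst, service):
            return index, rule.action
    return None, "discard"


def check_system_comms(rules, required):
    """Return (connection name, index of the deciding rule) for each required connection not allowed."""
    problems = []
    for name, src, dst, service in required:
        index, action = first_match(rules, src, dst, service)
        if action != "allow":
            problems.append((name, index))
    return problems


# Constructed sample: central site 10.1.0.0/24 (Management Server 10.1.0.10),
# remote site 10.2.0.0/24 (remote firewall 10.2.0.1, remote Log Server 10.2.0.11,
# remote Management Client 10.2.0.50). Service names are placeholders.
REQUIRED = [
    ("management to remote firewall", "10.1.0.10", "10.2.0.1", "SMC-CONTROL"),
    ("log browsing to remote Log Server", "10.1.0.10", "10.2.0.11", "SMC-LOG"),
    ("remote Management Client to Management Server", "10.2.0.50", "10.1.0.10", "SMC-CLIENT"),
]
RULES = [
    Rule("10.2.0.0/24", "10.1.0.0/24", "ANY", "discard"),        # broad deny placed too early
    Rule("10.1.0.10/32", "10.2.0.1/32", "SMC-CONTROL", "allow"),
    Rule("10.1.0.10/32", "10.2.0.11/32", "SMC-LOG", "allow"),
    Rule("10.2.0.0/24", "10.1.0.10/32", "SMC-CLIENT", "allow"),  # never reached for this traffic
]
```

Running `check_system_comms(RULES, REQUIRED)` flags the remote Management Client connection as decided by rule 0, the broad deny that sits above the allow rule meant for it.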