Help Center User GuideGetting StartedFAQ
 
X
User Guide
Getting Started
FAQ
Contents  

Adding and Provisioning a Next Generation Firewall Overview

Overview

You can use Contrail Service Orchestration (CSO) to

Topology

The topology to add an on-premise spoke site with next generation firewall capabilities is shown in Figure 7.

Figure 7: On-premise spoke site with next generation firewall

On-premise
spoke site with next generation firewall

The topology to add an on-premise spoke site with next generation firewall and LAN capabilities is shown in Figure 8.

Figure 8: On-premise spoke site with next generation firewall and LAN

On-premise
spoke site with next generation firewall and LAN

Workflow

The following workflow describes the steps that are required to set up a firewall site and provision the firewall device associated with the site.

Procedure

To set up a next generation firewall site and provision the firewall device:

  1. Add a standalone next generation firewall site. See Adding a Standalone Next Generation Firewall Site.

    To add a site with next generation firewall and switch, see Add an On-Premise Spoke Site with Next Generation Firewall and LAN Capabilities.

    Note Before proceeding to the next step ensure that the ZTP process is complete and the firewall device status is set to Provisioned state.

  2. Configure the firewall device. See Configuring the Firewall Device.
  3. Add firewall policies for the site. See Adding a Firewall Policy.
  4. Add firewall policy intents for the firewall policies that you added. See Adding Firewall Policy Intents.
  5. Deploy firewall policies to the site. See Deploying Firewall Policies.
Help us to improve. Rate this article.
Feedback Received. Thank You!

Ask questions in TechWiki

Check documentation in TechLibrary

Rating by you:      
X

Additional Comments

800 characters remaining

May we contact you if necessary?

Name:
Email:

Need product assistance? Contact Juniper Support

Submit