Implement Symantec Web Security Services (WSS) in the cloud using firewall or VPN access method

– Monitor IPSec site-to-site VPN tunnel: set IPSec tunnel down if the monitored IP is unreachable
– Monitor Policy Based Forwarding (PBF) rule: disable PBF rule if the monitored IP is unreachable
– When IPSec tunnel is UP: PBF rule is enabled and HTTP traffic will be forwarded to Symantec WSS tunnel.
– When IPSec tunnel is DOWN: PBF rule is disabled and HTTP traffic will be routed as per active routing table.

Using Trans-Proxy (Explicit Proxy over IPSec) design.
IPSec site-to-site VPN tunnel is configured on both Palo Alto Networks firewall and Symantec WSS Admin console.
PBF rule is configured on Palo Alto Networks firewall to forward HTTP traffic to Symantec WSS tunnel.

In this example, we are using the following parameters:

– Tunnel interface: tunnel.1 with IP address 192.168.1.254/32 (firewall zone: WSS_tunnel)
– IKE gateway: WSS_IKE_Gateway_1 with Peer IP 199.19.248.164 (this is Symantec datacenter IP)
– IPSec tunnel: WSS_Tunnel_1 with Local Proxy ID 10.1.1.0/24 (to match Local site network above)
– PBF rule: WSS_OverIPsec_1 with Egress Interface tunnel.1
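
The failover behaviour described above, modelled as an added example (not code from the original post, Palo Alto Networks or Symantec): a simplified Python simulation that shows, for a tunnel outage, how long HTTP traffic is sent into a dead tunnel and how long it then leaves the site without WSS filtering. The `Monitor` class, the probe thresholds, immediate recovery on the first answered probe, and the sample outage are assumptions made for illustration.

```python
# Added illustration, not code from the original post. Simplified model of the
# two monitors described above; thresholds and recovery rule are assumptions.
from dataclasses import dataclass

@dataclass
class Monitor:
    threshold: int      # consecutive lost probes before declaring "down" (assumed)
    lost: int = 0
    up: bool = True

    def probe(self, reachable: bool) -> bool:
        self.lost = 0 if reachable else self.lost + 1
        if reachable:
            self.up = True              # recover on first answered probe (assumed)
        elif self.lost >= self.threshold:
            self.up = False
        return self.up

def http_path(reachability, tunnel_threshold=3, pbf_threshold=3):
    """Classify each monitor interval for HTTP traffic from the local site.

    reachability: one bool per interval, True if the monitored IP answered
    through tunnel.1. Each interval is classified as:
      "wss"        PBF rule enabled and path working: traffic is filtered by WSS
      "blackhole"  PBF rule still enabled but the path is dead (detection lag)
      "bypass"     PBF rule disabled: routed per the active routing table
    """
    tunnel, pbf = Monitor(tunnel_threshold), Monitor(pbf_threshold)
    timeline = []
    for ok in reachability:
        tunnel_up = tunnel.probe(ok)
        pbf_enabled = pbf.probe(ok) and tunnel_up   # tunnel DOWN => PBF disabled
        if not pbf_enabled:
            timeline.append("bypass")
        elif ok:
            timeline.append("wss")
        else:
            timeline.append("blackhole")
    return timeline

def unfiltered_intervals(timeline):
    """Number of intervals in which HTTP left the site without passing WSS."""
    return sum(1 for state in timeline if state == "bypass")

# Constructed sample: 2 good intervals, a 5-interval outage, then recovery.
SAMPLE = [True, True, False, False, False, False, False, True, True]

if __name__ == "__main__":
    for i, state in enumerate(http_path(SAMPLE)):
        print(i, state)
```

The "bypass" intervals are the ones to account for in policy: during them HTTP follows the active routing table, so whatever rule matches that path is the only control applied to the traffic.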