Products
Solutions
Partners
Support
Company
Try Now
Pulse Secure Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

IC can push polices to firewall across differenent zones?

SOLVED
Go to solution
aeroplane_
Regular Contributor
‎01-15-2010 11:26:PM
‎01-15-2010 11:26:PM

IC can push polices to firewall across differenent zones?

Hi Experts,

My scenario is that I have SSG-320, which has untrust zone, DMZ1 and DMZ1 zones. Users from Untrust zone access the serves in DMZ1 and DMZ1. Now I place the IC in Untrust zone, which first check the identitiy and security status of end point before it acess the DMZ1 and DMZ2 servers.

My question is that how IC can push the appropriate resource policies to firewall from untrust zone to DMZ1 and DMZ2 respectively? How It knows this resource policy is from untrust to DMZ1 and that resource policy is from untrust to DMZ2 zone?

Many thanks

0 Kudos
Reply
1 ACCEPTED SOLUTION

Accepted Solutions
mnarine_
Contributor
‎01-18-2010 07:21:PM
‎01-18-2010 07:21:PM

Re: IC can push polices to firewall across differenent zones?

Hi, With none IPSec routing policies, the IC just sends a policy based on resources. Doesn't matter the zone. When you setup the policy on the IC, you don't specify a zone. However, if you are doing a IPSec routing policy, it will require a zone. Just create IC resource policy based on protected resources and the IC will push the policies to the firewall. It'll work. Smiley Happy -Mike

View solution in original post

0 Kudos
Reply
3 REPLIES 3
mnarine_
Contributor
‎01-18-2010 07:21:PM
‎01-18-2010 07:21:PM

Re: IC can push polices to firewall across differenent zones?

Hi, With none IPSec routing policies, the IC just sends a policy based on resources. Doesn't matter the zone. When you setup the policy on the IC, you don't specify a zone. However, if you are doing a IPSec routing policy, it will require a zone. Just create IC resource policy based on protected resources and the IC will push the policies to the firewall. It'll work. Smiley Happy -Mike

View solution in original post

0 Kudos
Reply
aeroplane_
Regular Contributor
‎03-13-2010 12:44:AM
‎03-13-2010 12:44:AM

Re: IC can push polices to firewall across differenent zones?

Hi

But still I am confuse for ipsec routing policy how firewall will know the direction of policy means from untrust to DMZ1 or untrust to DMZ2?

Thanks

0 Kudos
Reply
mnarine_
Contributor
‎03-14-2010 04:07:PM
‎03-14-2010 04:07:PM

Re: IC can push polices to firewall across differenent zones?

When you setup a policy on the SRX you, one of the action is to permit application UAC w/VPN. For the SSG is a bit different. On the SRX it seems the Zones does not make a difference when you specify them on the SRX. With the SSG it's a bit more integrated so it does matter which zone for either SRX or SSG and the firewall does know about it one way or the other.

-Mike

0 Kudos
Reply
© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy. Pulse Secure has updated its Privacy Policy effective June 28, 2017.