• Create a port group
• Create geolocation
• Enable HTTPS port
• Block HTTP port
• Create inside & outside zone
Take GUI access of our FMC at IP address 172.20.58.100
Go to Policy, add a category named Uninets-internet, and insert it into Mandatory
To add a new rule, click on Add Rule
Select the inside zone and click on Add to Source. The action is Allow and the rule name is HTTPS Whitelist Locations
Select the outside zone and then click on Add to Destination. The action is Allow
Go to network
Select the inside network and click on Add to Source Network. The action is Allow
Click on Ports, select HTTPS, and then click on Add to Destination. The action is Allow
Then save it
Click on add rule
The rule name is trust DNS and the action is Trust
Select inside zone and click on add to source
Select outside zone and click on add to destination
Click on network
Select inside network and add to source network
Then go to ports
Select port DNS_over_TCP and add to source
Select port DNS_over_UDP and add to destination
Click on logging
Then click on add
Click on the edit option to edit the trust DNS rule
Click on more
Select above rule
Then save it
Click on add rule
The rule name is Deny HTTP and the action is Block with reset
Select inside zone and add to source
Select outside zone and add to destination
Click on network
Select inside network and add to source network
Click on port
Select HTTP port and click on add to destination
Click on logging
Select the checkbox
Then click on add
Click on the edit option
Click on More
Select Into Category
Select the Uninets-internet option
Then click on save
Save it
Now we will deploy this policy
Select the checkbox and deploy it
Click on port
Click on add port
Click on add group
Name the new port group Web-Browsing, then add HTTP and HTTPS, and after that save it
To check whether your new port group was created, go to the search option and type web-browsing; your new port group will be listed
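To sanity-check the three rules built above (HTTPS Whitelist Locations, trust DNS, Deny HTTP) before deploying, the following added example, which is not part of the original walkthrough or Cisco's tooling, models them as a first-match rule list and evaluates sample flows. Assumptions: the inside network is a constructed 10.10.10.0/24, trust DNS sits first in the list, and both DNS port objects are treated as destination port 53.

```python
import ipaddress

# Constructed value: the walkthrough never states the inside network's range.
INSIDE_NET = ipaddress.ip_network("10.10.10.0/24")

# The three rules from the walkthrough. Order is an assumption (trust DNS
# moved above the first rule); DNS is modelled as destination port 53.
RULES = [
    {"name": "trust DNS", "action": "trust",
     "ports": {("tcp", 53), ("udp", 53)}},
    {"name": "HTTPS Whitelist Locations", "action": "allow",
     "ports": {("tcp", 443)}},
    {"name": "Deny HTTP", "action": "block with reset",
     "ports": {("tcp", 80)}},
]
# Every rule in the walkthrough uses the same zones and source network.
for rule in RULES:
    rule.update(src_zone="inside", dst_zone="outside", src_net=INSIDE_NET)

def flow(proto, dst_port, src_ip="10.10.10.25",
         src_zone="inside", dst_zone="outside"):
    """Build a constructed sample flow for evaluation."""
    return {"proto": proto, "dst_port": dst_port, "src_ip": src_ip,
            "src_zone": src_zone, "dst_zone": dst_zone}

def matches(rule, f):
    """A rule matches only if zones, source network and port all match."""
    return (f["src_zone"] == rule["src_zone"]
            and f["dst_zone"] == rule["dst_zone"]
            and ipaddress.ip_address(f["src_ip"]) in rule["src_net"]
            and (f["proto"], f["dst_port"]) in rule["ports"])

def evaluate(f, rules=RULES):
    """Top-down, first match wins; None means the default action applies."""
    for rule in rules:
        if matches(rule, f):
            return rule["name"], rule["action"]
    return None

def overlapping_rules(rules=RULES):
    """Rule pairs sharing a port; an empty list means order cannot
    change the verdict (valid here because zones and networks are equal)."""
    return [(a["name"], b["name"])
            for i, a in enumerate(rules) for b in rules[i + 1:]
            if a["ports"] & b["ports"]]

if __name__ == "__main__":
    for f in (flow("tcp", 443), flow("tcp", 80), flow("udp", 53), flow("tcp", 22)):
        print(f["proto"], f["dst_port"], "->", evaluate(f))
```

A result of `None` means no rule matched and the policy's default action decides the flow, so that setting should be reviewed alongside the rules.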