The security policy configuration for the VPN tunnel depends on our existing security policies. Palo Alto firewalls have a couple of default rules: one is intrazone-default and the other is interzone-default. The intrazone-default rule is used for traffic traversing within the same zone, and it is set to the Allow action by default. The interzone-default rule is instead used for traffic traversing between zones, for example between trust and untrust, and it is set to the Deny action by default. The IKE negotiation traffic between the Palo Alto and the ASA traverses within the same zone; in our case, it is sourced from untrust and destined to untrust.
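The following added example is not from the original post and is not PAN-OS code. It is a simplified Python model of top-down, first-match rule evaluation with the two default rules at the bottom, showing why the IKE verdict depends on the existing rulebase. The rule names `deny-all` and `allow-ike`, the `vpn` zone and the sample rulebases are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Rule:
    name: str
    from_zone: str  # "any" matches every zone
    to_zone: str
    app: str        # "any" matches every application
    action: str     # "allow" or "deny"

def _match(value, pattern):
    return pattern in ("any", value)

def evaluate(rules, from_zone, to_zone, app):
    """Return (rule_name, action) for one session; the first matching rule wins."""
    for r in rules:
        if (_match(from_zone, r.from_zone) and _match(to_zone, r.to_zone)
                and _match(app, r.app)):
            return r.name, r.action
    # No configured rule matched: fall through to the two default rules.
    if from_zone == to_zone:
        return "intrazone-default", "allow"
    return "interzone-default", "deny"

# Constructed rulebases (hypothetical names, not taken from the post).
DEFAULTS_ONLY = []
CLEANUP_DENY = [Rule("deny-all", "any", "any", "any", "deny")]
IKE_THEN_DENY = [Rule("allow-ike", "untrust", "untrust", "ike", "allow")] + CLEANUP_DENY

def ike_verdicts():
    """Verdict for IKE between the two peers (untrust to untrust) per rulebase."""
    session = ("untrust", "untrust", "ike")
    return {
        "defaults only": evaluate(DEFAULTS_ONLY, *session),
        "existing deny-all": evaluate(CLEANUP_DENY, *session),
        "allow-ike above deny-all": evaluate(IKE_THEN_DENY, *session),
    }

if __name__ == "__main__":
    for label, (rule, action) in ike_verdicts().items():
        print(f"IKE untrust->untrust, {label}: {action} (matched {rule})")
    # Traffic crossing zones needs an explicit allow rule under the defaults.
    rule, action = evaluate(DEFAULTS_ONLY, "trust", "vpn", "any")
    print(f"trust->vpn, defaults only: {action} (matched {rule})")
```
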