skip to content

Manage your SD-WAN firewall profiles

Updated 9/13/2017 1:57:39 PM by Comcast Expert


You can create, enable or disable firewall policies with your SD-WAN service for individual sites or groups of sites.

Access and manage profiles

  1. Sign in to My Account and select ActiveCore from the Manage Services menu. 

  2. Navigate to your Site Details by selecting View Insight or View all Insights and then select View Site.


    You can also navigate to your Site Details from your Network Map or from Service Configuration.  

    Note: For more information on templates and QoS, see Create and deploy SD-WAN templates.

  3. Select Firewall from the Virtual Sites services page and then select View/Edit.


  4. Select a Firewall Profile from the following options:

    Normal - This is the default profile for a local offload internet.

    • All outbound traffic shall pass.

    • All inbound traffic is dropped, unless it is part of a session originated from the Trust Zone in question.

    • Inbound ICMP is allowed specifically to the external public addresses.

    Strict - This profile provides a moderately restrictive set of protocols allowed to be utilized via the internet, while blocking everything else. This type might be used on a public Wi-Fi hotspot. All inbound traffic is dropped, unless it is part of a session originated from the Trust Zone in question.

    Supports the following outbound protocols:

    • Web (normal and encrypted)

    • DNS

    • SSH

    • Common VPN protocols

    • Common Mail protocols

    New - You can customize Firewall rules to fit your specific needs. 

  5. Set Layer 3 and 4 Network Traffic Rules. Make a selection from the following Traffic between Zones and make a Protocol selection.

    Trust to WAN - All traffic originating from your site (LAN) and outbound to the VPNs

    WAN to Trust - All traffic originating from the VPN to your site

    Trust to Un-Trust - All traffic from your site LAN to the Internet

    Un-Trust to Trust - All traffic from the Internet to your site

    Make a selection for the Action to take for taffic matching the rule.

    Accept allows traffic to pass

    Reject actively sends a status that says that access is denied

    Drop silently drops the packet as if there was no valid destination

  6. Select Save and then select Deploy changes, Delete Draft Template or Save Draft.


Was This Article Helpful?

Rate this article on a scale of 1-5

Didn't find what you're looking for?

Related Articles

» More about ActiveCore℠