#nice network flow view
Tenants > Security Policies
>> instead of Table View, choose Network Graph in the upper right corner

Best practice for rules
- assign policy to egress direction
- assign a broader vrf policy to the vrf; put things there like deny ssh, or allow rdp only for these hosts
- network policies attached to VLANs for more specific rules
- always consider: if you assign an empty policy to a network or vrf, it means "deny any"!!

#persona best practice > always access except special vsx ports
- interface 1/1/1-1/1/47 > persona access
- interface 1/1/48 > no persona (vsx keepalive)
- interface 1/1/49+50 > no persona (vsx isl)
- interface 1/1/51-54 > persona access

#commands to know
- pdsctl show security-policy

