Setting VPN Segmentation Policies
By default, all the VPN Zones are able to communicate with one another.
To change this status, simply click the icon for each VPN Zone pair in the VPN Segmentation Policies matrix.
Note: This matrix is symmetrical, i.e. the segmentation policy between two VPN zones is the same in both directions and needs to be configured only once. For example, the policy is the same for Data Center-Agencies and Agencies-Data Center.
This configuration implements the following policies (refer to the "Use Case 11" diagram):
• The ip|engines that do not belong to any zone other than the Default Zone can communicate with the ip|engines of the Data Center zone.
• The ip|engines in the Data Center zone can communicate with all the other zones, including ip|engines of other sites in the Data Center zone.
Warning: Some ip|engines belong to Data Center 1 and Data Center 2 but not to the Data Center zone, since they belong to higher priority zones such as Marketing and DC Payment.
• The ip|engines in the Agencies zone can only communicate with ip|engines in the Data Center zone. They cannot communicate with one another if they are not on the same site.
Warning: Some ip|engines belong to the B01 and B02 sites but not to the Agencies zone, since they belong to higher priority zones such as Marketing and Agency Payment.
• The ip|engines in the Marketing zone can all communicate with one another, whichever site they are related to.
• The ip|engines in the DC Payment zone can communicate with ip|engines in the Agency Payment zone.
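The following Python model is an added example, not part of the product or its documentation. It shows how the symmetrical matrix and zone priority combine to decide whether two ip|engines may communicate, which is useful for checking an intended policy before clicking it into the matrix. Engine names, the HQ site, the numeric priorities, the same-site rule applied to every zone, and the blocking of every pair not stated above are assumptions.

```python
# Added illustration: zone names and site names come from the page;
# engine names, the "HQ" site and numeric priorities are constructed.

# Higher number = higher priority. The page only states that Marketing and the
# payment zones outrank Data Center and Agencies; exact values are assumed.
PRIORITY = {"Default": 0, "Agencies": 1, "Data Center": 1,
            "Marketing": 2, "DC Payment": 3, "Agency Payment": 3}

def pair(a, b):
    """Unordered key: the matrix is symmetrical, so (a, b) == (b, a)."""
    return frozenset((a, b))

# Zone pairs allowed across sites. Data Center reaches every zone, itself
# included. Any pair not listed is treated as blocked (assumption).
ALLOWED = {pair("Data Center", z) for z in PRIORITY}
ALLOWED |= {pair("Marketing", "Marketing"), pair("DC Payment", "Agency Payment")}

def effective_zone(memberships):
    """An engine matching several zones is governed by the highest-priority one."""
    return max(memberships or ["Default"], key=PRIORITY.__getitem__)

def can_communicate(e1, e2):
    """e1, e2 are (site, [zones the engine matches]) tuples."""
    (site1, zones1), (site2, zones2) = e1, e2
    z1, z2 = effective_zone(zones1), effective_zone(zones2)
    # Stated on the page for Agencies; applied to every zone here (assumption).
    if site1 == site2 and z1 == z2:
        return True
    return pair(z1, z2) in ALLOWED

# Constructed sample inventory.
ENGINES = {
    "dc1-core":   ("Data Center 1", ["Data Center"]),
    "dc2-core":   ("Data Center 2", ["Data Center"]),
    "dc1-pay":    ("Data Center 1", ["Data Center", "DC Payment"]),
    "b01-branch": ("B01", ["Agencies"]),
    "b02-branch": ("B02", ["Agencies"]),
    "b01-mkt":    ("B01", ["Agencies", "Marketing"]),
    "b02-mkt":    ("B02", ["Agencies", "Marketing"]),
    "b02-pay":    ("B02", ["Agencies", "Agency Payment"]),
    "hq-misc":    ("HQ", []),
}

def check(a, b):
    return can_communicate(ENGINES[a], ENGINES[b])

if __name__ == "__main__":
    for a, b in [("b01-branch", "b02-branch"), ("dc1-pay", "b02-branch"),
                 ("dc1-pay", "b02-pay"), ("b01-mkt", "b02-mkt")]:
        print(f"{a:11} <-> {b:11} {'allowed' if check(a, b) else 'blocked'}")
```

The dc1-pay case reflects the first warning above: an engine located in Data Center 1 but governed by the DC Payment zone is not reachable from the Agencies zone.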