Configuring Azure Spoke Subnet Groups
For Azure-based Transit FireNet Gateways that have Spoke Gateways attached, you can use the Azure Spoke Subnet Groups dialog to add Azure Spoke Subnet Groups to these attached Spoke Gateways.
You cannot add Azure Spoke Subnet Groups to a Spoke Gateway that has inspection enabled. You must remove Azure Spoke Subnet Groups from Azure Transit Gateways before removing FireNet functionality from those gateways. |
Adding Azure Spoke Subnet Groups
When you add an Azure Spoke subnet group, selecting the Spoke Gateway automatically synchronizes the Subnet(s) list with the Azure portal so that the list is refreshed with any new subnets for this Spoke Gateway.
-
On the Security > FireNet > FireNet Gateways tab, click the name of an Azure FireNet Gateway that has at least one Spoke Gateway attached.
-
Click the Policy tab.
-
Click Azure Spoke Subnet Groups.
-
In the Azure Spoke Subnet Groups dialog, you can:
-
Edit or delete an existing subnet group (if editing, you can only add or remove a subnet group; if deleting, you are prompted if you want to delete the subnet group)
-
Add a Subnet Group
-
-
If adding a subnet group, click +Azure Spoke Subnet Group.
-
Enter a name for the Subnet Group.
-
Select the Spoke Gateway (only Spoke Gateways attached to this Transit FireNet are available). The Subnet(s) list is automatically refreshed with any new subnets for this Spoke Gateway from the Azure portal.
-
Select the Subnet Group(s).
-
Click Save. It may take a couple of minutes for the changes to save.
-
After the changes are saved, click Close to close the Create Azure Spoke Subnet Group dialog.
-
The new subnet group is displayed on the Azure Spoke Subnet Groups dialog.
Adding Inspection Policy for Spoke Subnet Group
After your new subnet groups are created, you can add them to the inspection policy for this particular Azure Transit FireNet gateway.
-
Select the Spoke Subnet Group in the Policy list.
-
Click Add in the Actions list.
See Configuring Transit FireNet Inspection Policies for more information.
Removing Spoke Subnet Groups
-
Disable inspection for the Spoke Subnet Group by selecting the group on the FireNet Gateways > Policy tab and then selecting Remove from the Actions menu.
-
On the Policy tab, click Azure Spoke Subnet Groups.
-
In the Azure Spoke Subnet Groups dialog, select the delete icon next to the subnet group.
-
Click Delete to confirm that you want to delete the subnet group.
-
When the deletion is complete, click Close to close the dialog.