SmartGroup Use Cases
SmartGroups Use Case 1
The following is an example of using SmartGroups:
Angel creates three SmartGroups:
-
Smart Group 1 = SAP_BW
-
Smart Group 2 = SAP_CRM
-
Smart Group 3 = Public CIDR of Hosted S4Hana
Angel has the following business objectives:
-
Allow BW and CRM to talk to PaaS endpoint S4Hana on port 443
-
Deny all traffic between BW and CRM
To achieve Distributed Cloud Firewall (DCF) objectives, Angel does the following in CoPilot Home > Security > Distributed Cloud Firewall:
-
Builds firewalling policies that allow traffic from Smart Group 1 and 2 to talk on port 443 to Smart Group 3.
-
Creates a Deny All Policy for Smart Group 1 to talk to Smart Group 2. Note that after a SmartGroup is part of a policy, all traffic for that SmartGroup is denied unless explicitly allowed by DCF rules.
SmartGroup Use Case 2 (External Connection)
-
Create a SmartGroup for RS1 (Remote Site 1).
-
Create a SmartGroup for RS2 (Remote Site 2).
-
Create a DCF rule to allow traffic from RS1 to VPC2.
-
Create a DCF rule to deny traffic from RS2 to VPC2.
-
Create a DCF Egress rule to allow specific web domains from RS1 to the Internet.
-
Create a DCF rule to allow TCP/22 traffic from VPC1 to RS2.