: Create an Outbound Contract
Focus
Focus

Create an Outbound Contract

Table of Contents

Create an Outbound Contract

Create a contract with a filter that allows DNS, NTP, HTTP, and HTTPS traffic. You will use this contract to allow all endpoints in the VRF to reach the external networks but limits the traffic sent to the firewall.
  1. On the Tenants tab, double-click on the name of your tenant.
  2. Select ContractsFilters
  3. Right-click on Filters and select Create Filter.
  4. Enter a descriptive Name for the filter.
  5. Create a filter entry for UDP traffic.
    1. Click the plus (+) button to the right of Entries.
    2. Enter a descriptive Name for the UDP filter.
    3. Select IP from the EtherType drop-down.
    4. Select udp from the IP Protocol drop-down.
    5. Select dns from the Destination Port From drop-down.
    6. Click Update.
  6. Create a filter entry for TCP traffic.
    1. Click the plus (+) button to the right of Entries.
    2. Enter a descriptive Name for the TCP filter.
    3. Select IP from the EtherType drop-down.
    4. Select tcp from the IP Protocol drop-down.
    5. Select dns from the Destination Port From drop-down.
    6. Click Update.
  7. Create a filter entry for NTP traffic.
    1. Click the plus (+) button to the right of Entries.
    2. Enter a descriptive Name for the NTP filter.
    3. Select IP from the EtherType drop-down.
    4. Select udp from the IP Protocol drop-down.
    5. In the Destination Port From field, enter 123.
    6. Click Update.
  8. Create a filter entry for HTTP traffic.
    1. Click the plus (+) button to the right of Entries.
    2. Enter a descriptive Name for the HTTP filter.
    3. Select IP from the EtherType drop-down.
    4. Select tcp from the IP Protocol drop-down.
    5. Select http from the Destination Port From drop-down.
    6. Click Update.
  9. Create a filter entry for HTTPS traffic.
    1. Click the plus (+) button to the right of Entries.
    2. Enter a descriptive Name for the HTTP filter.
    3. Select IP from the EtherType drop-down.
    4. Select tcp from the IP Protocol drop-down.
    5. Select https from the Destination Port From drop-down.
    6. Click Update.
  10. Click Submit.
  11. Create a contract for outbound traffic.
    1. On the Tenants tab, double-click on the name of your tenant and select Contracts.
    2. Right-click on Contracts and select Create Contract.
    3. Enter a descriptive Name for your Contract.
    4. Click the plus (+) button to the right of Subjects.
    5. Enter a descriptive Name for you Subject.
    6. Under Filter Chain, click the plus (+) button to the right of Filters.
    7. Select the filter you created previously from the drop-down.
    8. Click OK.
  12. Click Submit.