Hi all, two questions regarding site-to-site VPN firewall:
I have 30 networks in the same dashboard organization with site-to-site VPN (Auto VPN) enabled in hub (mesh) mode at all locations. One location is "headquarters" and the other 29 are smaller remote locations.
We'd like to change things so the remote locations cannot talk to each other and only talk with headquarters. To do that, I believe I have to change all the remote locations to Spoke mode instead of hub, and then implement outbound firewall rules to block traffic between the remote sites.
Is there someway to write the rules so that hundreds of rules aren't required? Some sites are 192.168.x.x/24 and others are 10.x.x.x/24.
If IPv4 translation is enabled under VPN settings, should the above mentioned firewall rules be written using the translated subnets?