Filtering rules

In this tutorial, traffic between private networks is voluntarily not specified (destination port: ANY). To optimize performance (save bandwidth and machine resources), it is important to refine the filtering on satellite sites (authorized protocols, ports, etc) in order to prevent unnecessary packets from going through the tunnels. This filtering policy will also be on the Hub site.

Spoke A site

Define the filtering rules needed for exchanges between Spoke A and Spoke B, Spoke A and the Hub as well as local traffic to the Internet:

Spoke B site

Define the filtering rules needed for exchanges between Spoke B and Spoke A, Spoke B and the Hub as well as local traffic to the Internet: