VRF Firewall Enhancements
6.0 GA introduces VRF Firewall enhancements that allow multiple VRFs, each with access to the Internet; these can be implemented via 3.0 GA. Each VRF is associated with a different user group, for example employees or guests, while the traffic of each group is kept isolated. This feature allows each Routing Domain (user group) to access the Internet through a common Access Interface. It provides the following capabilities:
- Local guest-user Internet access
- Employee-user Internet access for defined applications
- Employee-users may continue to hairpin all other traffic to the NCN
- Allow the user to add specific routes per Routing Domain, if required
- When enabled, this feature applies to all Routing Domains
Users may also create multiple access interfaces to accommodate separate public facing IP addresses. Either option provides the required security necessary per user group.
Note:
Detailed instructions for how to configure VRFs can be found in the 5.0 New Features Guide. The steps to configure this option are below. From Aware, navigate to Manage > Configuration and import the current configuration.
- Create Internet Service for a Site under Connections > [Site Name] > Internet Services and enable the Use checkbox under WAN Links.
- Enable the checkbox labeled Internet Access for All Routing Domains under Sites > [Site Name] > WAN Links > [WAN Link Name] > Access Interfaces.
Figure 8: Enabling Internet access for All Routing Domains
Selecting this checkbox allows the platform to use this Access Interface for Internet Service on all configured Routing Domains.
Users may choose to configure either a shared Access Interface or one Access Interface for each group (separate public facing IP addresses).
Note:
After completing the following steps, you should see 0.0.0.0/0 routes added, one per Routing Domain, under Connections > [Site Name] > Routes.
Figure 9: Verifying Routes Added for Each Routing Domain
Note:
It is no longer required to have all Routing Domains enabled at the NCN. Disabling RDs at the NCN that are in use at a Branch site will produce a popup message:
Figure 10: Removing a Routing Domain
Users may confirm that each Routing Domain is using the Internet Service by checking the Routing Domain column in the Flows table of the APNA web UI under Monitor > Flows.
Users may also check the routing table for each Routing Domain from the APNA web UI under Monitor > Statistics > Routes.
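The verification steps above are manual. As an added example (not part of this guide or the Aware/APNA product), the script below automates the check that every Routing Domain has its own 0.0.0.0/0 route via the Internet Service once the option is enabled. The route-table text format it parses is an assumption constructed for the example; the real layout shown under Monitor > Statistics > Routes may differ and would need the parser adjusted.

```python
"""Check that every Routing Domain has its own default (0.0.0.0/0) route.

Added example, not part of the original guide. The route-table text format
below is constructed to resemble a per-Routing-Domain route export; the
actual Aware / APNA web UI layout under Monitor > Statistics > Routes is
not documented here and is an assumption.
"""
import ipaddress
from collections import defaultdict

# Constructed sample export: "<routing_domain> <prefix> <service>" per line.
# "Contractor" is deliberately missing its default route so the check fires.
SAMPLE_ROUTES = """\
Employee 0.0.0.0/0 Internet
Employee 10.10.0.0/16 Intranet
Guest 0.0.0.0/0 Internet
Contractor 172.16.0.0/12 Intranet
"""


def parse_routes(text):
    """Return {routing_domain: [(network, service), ...]} from the export."""
    table = defaultdict(list)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        rd, prefix, service = line.split()
        table[rd].append((ipaddress.ip_network(prefix, strict=False), service))
    return dict(table)


def default_route_report(table):
    """Map each Routing Domain to True if it carries a 0.0.0.0/0 route via
    the Internet Service, which is the expected state after enabling
    Internet Access for All Routing Domains."""
    default = ipaddress.ip_network("0.0.0.0/0")
    return {
        rd: any(net == default and svc == "Internet" for net, svc in routes)
        for rd, routes in table.items()
    }


def missing_default_routes(text):
    """Sorted names of Routing Domains lacking a default route via Internet."""
    report = default_route_report(parse_routes(text))
    return sorted(rd for rd, ok in report.items() if not ok)


if __name__ == "__main__":
    for rd in missing_default_routes(SAMPLE_ROUTES):
        print(f"Routing Domain {rd} has no 0.0.0.0/0 route via the Internet Service")
```

Run it against a saved copy of the per-Routing-Domain routes; any domain it names has not picked up the shared Internet Service default route and should be rechecked against the Access Interface setting in step 2.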