Create a core network policy version using the console
Use the Network Manager console to create a core network policy version. The console provides separate tabs for you to configure a network policy version. The following steps describe the high-level process.
-
You'll first set the network configuration parameters, including adding ASN ranges, CIDR blocks, and the edge locations to include in the policy.
-
After defining the network configuration parameters, you'll add network segments and define the behavior for those segments. For example, you might want to include a segment that requires attachment acceptance.
-
Create a network function group.
The network function group provides an added level of security if you want to first steer specific segments to a third-party security device or an Inspection VPC. A network function group is the parent object for the segments you want to route to security appliances.
-
Define segment actions, such as sharing a segment, creating a segment route, or creating a service insertion action for the network function group.
-
Lastly, you'll create an attachment policy that defines the order when segments or network function groups should be run in the core network policy.