Add the security policies
Once you have assigned addresses to the VLANs, you need to configure security policies for them to allow valid packets to pass from one VLAN to another and to the Internet.
Note: You can customize the Security Policy display by including some or all columns, and customize the column order onscreen. Due to this feature, security policy screenshots may not appear the same as on your screen.
If you do not want to allow all services on a VLAN, you can create a security policy for each service you want to allow. This example allows all services.
To add the security policies - web-based manager
1. Go to Policy > Policy > Policy and select Create New.
2. Leave the Policy Type as Firewall and the Policy Subtype as Address.
3. Enter the following information and select OK:
Incoming Interface | VLAN_100 |
Source Address | VLAN_100_Net |
Outgoing Interface | VLAN_200 |
Destination Address | VLAN_200_Net |
Schedule | Always |
Service | ALL |
Action | ACCEPT |
Enable NAT | Enable |
4. Select Create New.
5. Leave the Policy Type as Firewall and the Policy Subtype as Address.
6. Enter the following information and select OK:
Incoming Interface | VLAN_200 |
Source Address | VLAN_200_Net |
Outgoing Interface | VLAN_100 |
Destination Address | VLAN_100_Net |
Schedule | Always |
Service | ALL |
Action | ACCEPT |
Enable NAT | Enable |
7. Select Create New.
8. Leave the Policy Type as Firewall and the Policy Subtype as Address.
9. Enter the following information and select OK:
Incoming Interface | VLAN_100 |
Source Address | VLAN_100_Net |
Outgoing Interface | external |
Destination Address | all |
Schedule | Always |
Service | ALL |
Action | ACCEPT |
Enable NAT | Enable |
10. Select Create New.
11. Leave the Policy Type as Firewall and the Policy Subtype as Address.
12. Enter the following information and select OK:
Incoming Interface | VLAN_200 |
Source Address | VLAN_200_Net |
Outgoing Interface | external |
Destination Address | all |
Schedule | Always |
Service | ALL |
Action | ACCEPT |
Enable NAT | Enable |
To add the security policies - CLI
    config firewall policy
        edit 1
            set srcintf VLAN_100
            set srcaddr VLAN_100_Net
            set dstintf VLAN_200
            set dstaddr VLAN_200_Net
            set schedule always
            set service ALL
            set action accept
            set nat enable
            set status enable
        next
        edit 2
            set srcintf VLAN_200
            set srcaddr VLAN_200_Net
            set dstintf VLAN_100
            set dstaddr VLAN_100_Net
            set schedule always
            set service ALL
            set action accept
            set nat enable
            set status enable
        next
        edit 3
            set srcintf VLAN_100
            set srcaddr VLAN_100_Net
            set dstintf external
            set dstaddr all
            set schedule always
            set service ALL
            set action accept
            set nat enable
            set status enable
        next
        edit 4
            set srcintf VLAN_200
            set srcaddr VLAN_200_Net
            set dstintf external
            set dstaddr all
            set schedule always
            set service ALL
            set action accept
            set nat enable
            set status enable
    end
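The following is an added example, not part of the original page or of Fortinet's tooling: a small Python check that parses a `config firewall policy` block like the one above and lists the accept policies that use `service ALL`, which are the ones to revisit if you move to per-service policies. The sample config is constructed; policy 5 and its service list are hypothetical.

```python
import re

# Constructed sample: policies 1 and 3 from the CLI above (trimmed), plus a
# hypothetical per-service policy 5 for contrast.
SAMPLE_CONFIG = """\
config firewall policy
    edit 1
        set srcintf VLAN_100
        set dstintf VLAN_200
        set service ALL
        set action accept
    next
    edit 3
        set srcintf VLAN_100
        set dstintf external
        set service ALL
        set action accept
    next
    edit 5
        set srcintf VLAN_200
        set dstintf VLAN_100
        set service HTTPS DNS
        set action accept
    next
end
"""

def parse_policies(text):
    """Return {policy_id: {setting: [values]}} from a 'config firewall policy' block."""
    policies, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"edit (\d+)$", line)
        if m:
            current = policies.setdefault(int(m.group(1)), {})
        elif line in ("next", "end"):
            current = None
        elif current is not None and line.startswith("set "):
            key, *values = line.split()[1:]
            current[key] = [v.strip('"') for v in values]
    return policies

def broad_accept_policies(policies):
    """Return sorted IDs of accept policies whose service list contains ALL."""
    return sorted(pid for pid, p in policies.items()
                  if p.get("action") == ["accept"] and "ALL" in p.get("service", []))

if __name__ == "__main__":
    print("accept + service ALL:", broad_accept_policies(parse_policies(SAMPLE_CONFIG)))
```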