Add the security policies
Security policies allow packets to travel between the VLAN_100_int interface and the VLAN_100_ext interface. Two policies are required, one for each direction of traffic. The same applies between the VLAN_200_int interface and the VLAN_200_ext interface, for a total of four required security policies.
To add the security policies - web-based manager
1. Go to Policy > Policy > Policy and select Create New.
2. Leave the Policy Type as Firewall and the Policy Subtype as Address.
3. Enter the following information and select OK:
Incoming Interface | VLAN_100_int |
Source Address | all |
Outgoing Interface | VLAN_100_ext |
Destination Address | all |
Schedule | Always |
Service | ALL |
Action | ACCEPT |
4. Select Create New.
5. Leave the Policy Type as Firewall and the Policy Subtype as Address.
6. Enter the following information and select OK:
Incoming Interface | VLAN_100_ext |
Source Address | all |
Outgoing Interface | VLAN_100_int |
Destination Address | all |
Schedule | Always |
Service | ALL |
Action | ACCEPT |
7. Go to Policy > Policy > Policy and select Create New.
8. Leave the Policy Type as Firewall and the Policy Subtype as Address.
9. Enter the following information and select OK:
Incoming Interface | VLAN_200_int |
Source Address | all |
Outgoing Interface | VLAN_200_ext |
Destination Address | all |
Schedule | Always |
Service | ALL |
Action | ACCEPT |
Enable NAT | Enable |
10. Select Create New.
11. Leave the Policy Type as Firewall and the Policy Subtype as Address.
12. Enter the following information and select OK:
Incoming Interface | VLAN_200_ext |
Source Address | all |
Outgoing Interface | VLAN_200_int |
Destination Address | all |
Schedule | Always |
Service | ALL |
Action | ACCEPT |
To add the security policies - CLI
config firewall policy
    edit 1
        set srcintf VLAN_100_int
        set srcaddr all
        set dstintf VLAN_100_ext
        set dstaddr all
        set action accept
        set schedule always
        set service ALL
    next
    edit 2
        set srcintf VLAN_100_ext
        set srcaddr all
        set dstintf VLAN_100_int
        set dstaddr all
        set action accept
        set schedule always
        set service ALL
    next
    edit 3
        set srcintf VLAN_200_int
        set srcaddr all
        set dstintf VLAN_200_ext
        set dstaddr all
        set action accept
        set schedule always
        set service ALL
    next
    edit 4
        set srcintf VLAN_200_ext
        set srcaddr all
        set dstintf VLAN_200_int
        set dstaddr all
        set action accept
        set schedule always
        set service ALL
end
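The following Python script is an added example, not part of the original documentation or any Fortinet tool. It parses a `config firewall policy` block like the one in the CLI procedure, confirms that each VLAN interface pair has an accept policy in both directions, and lists the policies that accept any source, destination and service so they can be reviewed. The function names and the sample text are constructed for illustration.

```python
import re

def parse_policies(text):
    """Return {policy_id: {setting: value}} from a 'config firewall policy' block."""
    policies, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"edit (\d+)", line)
        if m:
            current = policies.setdefault(int(m.group(1)), {})
        elif line.startswith("set ") and current is not None:
            parts = line.split(None, 2)
            if len(parts) == 3:
                current[parts[1]] = parts[2].strip('"')  # saved configs quote values
        elif line in ("next", "end"):  # the last entry may be closed by 'end' alone
            current = None
    return policies

def missing_directions(policies, pairs):
    """List the (srcintf, dstintf) directions that have no accept policy."""
    allowed = {(p.get("srcintf"), p.get("dstintf"))
               for p in policies.values() if p.get("action") == "accept"}
    wanted = [d for a, b in pairs for d in ((a, b), (b, a))]
    return [d for d in wanted if d not in allowed]

def wide_open(policies):
    """IDs of accept policies that match any source, destination and service."""
    return sorted(pid for pid, p in policies.items()
                  if p.get("action") == "accept" and p.get("srcaddr") == "all"
                  and p.get("dstaddr") == "all" and p.get("service") == "ALL")

# Interface pairs named in this procedure.
PAIRS = [("VLAN_100_int", "VLAN_100_ext"), ("VLAN_200_int", "VLAN_200_ext")]
# Constructed sample: the four policies from the CLI steps, built from one template.
ENTRY = ("edit {n}\nset srcintf {s}\nset srcaddr all\nset dstintf {d}\nset dstaddr all\n"
         "set action accept\nset schedule always\nset service ALL\nnext\n")
DIRECTIONS = [d for a, b in PAIRS for d in ((a, b), (b, a))]
SAMPLE = "config firewall policy\n" + "".join(
    ENTRY.format(n=i, s=s, d=d) for i, (s, d) in enumerate(DIRECTIONS, 1)) + "end\n"

if __name__ == "__main__":
    pol = parse_policies(SAMPLE)
    print("missing directions:", missing_directions(pol, PAIRS))
    print("any/any/ALL accept policies:", wide_open(pol))
```

To check a live unit, paste the output of `show firewall policy` into `parse_policies` in place of `SAMPLE`.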