Add the security policies
Security policies allow packets to travel between the VLAN_100_int interface and the VLAN_100_ext interface. Two policies are required, one for each direction of traffic. The same is required between the VLAN_200_int interface and the VLAN_200_ext interface, for a total of four security policies.
To add the security policies - web-based manager
1. Go to Policy & Objects > Policy > IPv4 or Policy & Objects > Policy > IPv6 and select Create New.
2. Enter the following information and select OK:
Incoming Interface | VLAN_100_int |
Source Address | all |
Outgoing Interface | VLAN_100_ext |
Destination Address | all |
Schedule | Always |
Service | ALL |
Action | ACCEPT |
3. Select Create New.
4. Enter the following information and select OK:
Incoming Interface | VLAN_100_ext |
Source Address | all |
Outgoing Interface | VLAN_100_int |
Destination Address | all |
Schedule | Always |
Service | ALL |
Action | ACCEPT |
5. Go to Policy & Objects > Policy > IPv4 or Policy & Objects > Policy > IPv6 and select Create New.
6. Enter the following information and select OK:
Incoming Interface | VLAN_200_int |
Source Address | all |
Outgoing Interface | VLAN_200_ext |
Destination Address | all |
Schedule | Always |
Service | ALL |
Action | ACCEPT |
Enable NAT | Enable |
7. Select Create New.
8. Enter the following information and select OK:
Incoming Interface | VLAN_200_ext |
Source Address | all |
Outgoing Interface | VLAN_200_int |
Destination Address | all |
Schedule | Always |
Service | ALL |
Action | ACCEPT |
To add the security policies - CLI
For IPv6 policies, use config firewall policy6 in place of config firewall policy.
config firewall policy
    edit 1
        set srcintf VLAN_100_int
        set srcaddr all
        set dstintf VLAN_100_ext
        set dstaddr all
        set action accept
        set schedule always
        set service ALL
    next
    edit 2
        set srcintf VLAN_100_ext
        set srcaddr all
        set dstintf VLAN_100_int
        set dstaddr all
        set action accept
        set schedule always
        set service ALL
    next
    edit 3
        set srcintf VLAN_200_int
        set srcaddr all
        set dstintf VLAN_200_ext
        set dstaddr all
        set action accept
        set schedule always
        set service ALL
    next
    edit 4
        set srcintf VLAN_200_ext
        set srcaddr all
        set dstintf VLAN_200_int
        set dstaddr all
        set action accept
        set schedule always
        set service ALL
end
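
An added example, not part of the original procedure or Fortinet's tooling: a Python check that parses a config firewall policy block, confirms that an accept policy exists in both directions for each VLAN interface pair, and lists the policies that accept all sources, all destinations and all services, as the four policies above do. The function names and the generated sample configuration are assumptions made for illustration.

```python
import shlex

VLAN_PAIRS = [("VLAN_100_int", "VLAN_100_ext"), ("VLAN_200_int", "VLAN_200_ext")]

def sample_config():
    """Constructed input: the four policies from the CLI procedure on this page."""
    directions = [d for a, b in VLAN_PAIRS for d in ((a, b), (b, a))]
    body = "".join(
        f"edit {n}\nset srcintf {src}\nset srcaddr all\nset dstintf {dst}\n"
        "set dstaddr all\nset action accept\nset schedule always\n"
        "set service ALL\nnext\n"
        for n, (src, dst) in enumerate(directions, 1))
    return "config firewall policy\n" + body + "end\n"

def parse_policies(text):
    """Return {policy_id: {option: value}} for each 'edit N' entry."""
    policies, current = {}, None
    for line in text.splitlines():
        tok = shlex.split(line)  # also handles values wrapped in double quotes
        if len(tok) == 2 and tok[0] == "edit":
            current = policies.setdefault(int(tok[1]), {})
        elif len(tok) >= 3 and tok[0] == "set" and current is not None:
            current[tok[1]] = " ".join(tok[2:])
        elif tok and tok[0] in ("next", "end"):
            current = None
    return policies

def audit(policies, vlan_pairs=VLAN_PAIRS):
    """Return (missing directions, ids of accept policies that are all/all/ALL)."""
    accept = {i: p for i, p in policies.items() if p.get("action") == "accept"}
    allowed = {(p.get("srcintf"), p.get("dstintf")) for p in accept.values()}
    missing = [d for a, b in vlan_pairs for d in ((a, b), (b, a))
               if d not in allowed]
    wide_open = sorted(i for i, p in accept.items()
                       if (p.get("srcaddr"), p.get("dstaddr"), p.get("service"))
                       == ("all", "all", "ALL"))
    return missing, wide_open

if __name__ == "__main__":
    missing, wide_open = audit(parse_policies(sample_config()))
    print("missing directions:", missing)
    print("all/all/ALL accept policies:", wide_open)
```

An empty first result means every VLAN pair has a policy in each direction; the second result is the list to review when narrowing addresses or services later.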