Creating security policies
Two security policies are needed: one for firewall group who connect through port3 and one for FSSO group who connect through port2.
To create a security policy for FSSO authentication - web-based manager
1. Go to Policy & Objects > Policy > IPv4 and select Create New.
2. Enter the following information:
Incoming Interface | Port2 |
Source Address | Windows_net |
Source User(s) | FSSO_Internet_users |
Outgoing Interface | Port1 |
Destination Address | all |
Schedule | always |
Service | ALL |
NAT | ON |
Security Profiles | Optionally, enable security profiles. |
3 Select OK.
To create a security policy for FSSO authentication - CLI
config firewall policy
edit 0
set srcintf port2
set dstintf port1
set srcaddr Windows_net
set dstaddr all
set action accept
set groups FSSO_Internet_users
set schedule always
set service ANY
set nat enable
end
To create a security policy for local user authentication - web-based manager
1. Go to Policy & Objects > Policy > IPv4 and select Create New.
2. Enter the following information:
Incoming Interface | Port3 |
Source Address | Internal_net |
Source User(s) | Internet_users |
Outgoing Interface | Port1 |
Destination Address | all |
Schedule | always |
Service | ALL |
NAT | ON |
Security Profiles | Optionally, enable security profiles. |
3 Select OK.
To create a security policy for local user authentication - CLI
config firewall policy
edit 0
set srcintf port3
set dstintf port1
set srcaddr internal_net
set dstaddr all
set action accept
set schedule always
set groups Internet_users
set service ANY
set nat enable
end