lhsit
New Member
December 13, 2017
Solved

Do I really need 4 rules here?

  • December 13, 2017
  • 1 reply
  • 3518 views

Hello All,

I have two VDOMs, one for my servers and one for my desktops. I have an inter-vdom link between them.

It seems that if I want to allow traffic between a desktop and a server, I need to have 4 rules.

Desktop ==> Server

1 on the incoming interface on the desktop VDOM, and

1 on the "incoming interface" (the inter-vdom link) on the server VDOM

Server ==> Desktop

the exact opposites of the above.

Is this correct?

Thanks in advance,

Chris.

    Best answer by ede_pfau

    hi,

    A stateful firewall such as the FGT only needs to control who is allowed to open a session - this will cover the reply traffic as well.

    As you have 2 firewalls now ("servers" and "desktops") you need 2 policies for each intended flow of control, that is, one egress policy on "desktops" and one ingress policy on "servers".

    If you additionally want to open connections from a server to a desktop (e.g. for monitoring, or central backup) then you need to add 2 more policies.

    If you look at a VDOM as an independent firewall or location, and the inter-VDOM link as a "WAN" or external interface, then it's quite clear how sessions are initiated by whom and how you need policies to allow this.

    Or so I hope.
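The four policies described in the answer above, written out as FortiOS CLI; this is an added example, not config from the original thread. It assumes VDOMs named desktops and servers, LAN interfaces port1 (desktops) and port2 (servers), an inter-VDOM link created as "vlink" (which yields interface vlink0 assigned to desktops and vlink1 assigned to servers), and address objects Desktop_LAN and Server_LAN defined in both VDOMs; policy IDs and services are placeholders.

```text
config vdom
    edit desktops
        config firewall policy
            # policy 1 of 4: desktop-initiated sessions leave via the inter-VDOM link (egress)
            edit 1
                set srcintf "port1"
                set dstintf "vlink0"
                set srcaddr "Desktop_LAN"
                set dstaddr "Server_LAN"
                set action accept
                set schedule "always"
                set service "HTTPS" "RDP"
            next
            # policy 4 of 4: server-initiated sessions arrive from the link (only if needed)
            edit 2
                set srcintf "vlink0"
                set dstintf "port1"
                set srcaddr "Server_LAN"
                set dstaddr "Desktop_LAN"
                set action accept
                set schedule "always"
                set service "SNMP"
            next
        end
    next
    edit servers
        config firewall policy
            # policy 2 of 4: the same desktop-initiated sessions enter the servers VDOM (ingress)
            edit 1
                set srcintf "vlink1"
                set dstintf "port2"
                set srcaddr "Desktop_LAN"
                set dstaddr "Server_LAN"
                set action accept
                set schedule "always"
                set service "HTTPS" "RDP"
            next
            # policy 3 of 4: server-initiated sessions leave towards the desktops (only if needed)
            edit 2
                set srcintf "port2"
                set dstintf "vlink1"
                set srcaddr "Server_LAN"
                set dstaddr "Desktop_LAN"
                set action accept
                set schedule "always"
                set service "SNMP"
            next
        end
    next
end
```

Replies to sessions opened under policies 1 and 2 are matched by each VDOM's session table and need no policy of their own; anything not matched by these four entries falls to the implicit deny at the bottom of each VDOM's policy list.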


    lhsit (Author)
    New Member
    December 13, 2017

    Hi Ede,

    Thanks for that explanation.

    Cheers,

    Chris.