
Example 4: GRE Tunnel, Site-to-Site

Create Firewall Access Policies for the Tunnel Traffic

 

Now you can create firewall access policies to permit the GRE tunnel traffic.

TMS zl Module A

  1. Select Firewall > Access Policies > Unicast.

  2. Click Add a Policy.

  3. Permit GRE packets to Module B.

     1. For Action, accept the default: Permit Traffic.
     2. For From, select SELF.
     3. For To, select ZONE3.
     4. For Service, select GRE.
     5. For Source, select siteAinter.
     6. For Destination, select siteBinter.
     7. Select the Enable logging on this Policy check box.

        Because policy logging is processor-intensive, it is not recommended that you enable logging permanently. Use policy logging for troubleshooting and testing only.

     8. Click Apply.

  4. Permit GRE packets from Module B.

     1. For Action, accept the default: Permit Traffic.
     2. For From, select ZONE3.
     3. For To, select SELF.
     4. For Service, select GRE.
     5. For Source, select siteBinter.
     6. For Destination, select siteAinter.
     7. Click Apply.

  5. Permit outbound FTP traffic through the GRE tunnel:

     1. For Action, accept the default: Permit Traffic.
     2. For From, select DMZ.
     3. For To, select ZONE5.
     4. For Service, select ftp.
     5. For Source, select VLAN50.
     6. For Destination, select VLAN80.
     7. Click Apply.

  6. Permit inbound FTP traffic through the GRE tunnel:

     1. For Action, accept the default: Permit Traffic.
     2. For From, select ZONE5.
     3. For To, select DMZ.
     4. For Service, select ftp.
     5. For Source, select VLAN80.
     6. For Destination, select VLAN50.
     7. Click Apply.

TMS zl Module B

  1. Select Firewall > Access Policies > Unicast.

  2. Click Add a Policy.

  3. Permit GRE packets to Module A.

     1. For Action, accept the default: Permit Traffic.
     2. For From, select SELF.
     3. For To, select INTERNAL.
     4. For Service, select GRE.
     5. For Source, select siteBinter.
     6. For Destination, select siteAinter.
     7. Select the Enable logging on this Policy check box.

        Because policy logging is processor-intensive, it is not recommended that you enable logging permanently. Use policy logging for troubleshooting and testing only.

     8. Click Apply.

  4. Permit GRE packets from Module A.

     1. For Action, accept the default: Permit Traffic.
     2. For From, select INTERNAL.
     3. For To, select SELF.
     4. For Service, select GRE.
     5. For Source, select siteAinter.
     6. For Destination, select siteBinter.
     7. Click Apply.

  5. Permit outbound FTP traffic through the GRE tunnel:

     1. For Action, accept the default: Permit Traffic.
     2. For From, select ZONE4.
     3. For To, select ZONE6.
     4. For Service, select ftp.
     5. For Source, select VLAN80.
     6. For Destination, select VLAN50.
     7. Click Apply.

  6. Permit inbound FTP traffic through the GRE tunnel:

     1. For Action, accept the default: Permit Traffic.
     2. For From, select ZONE6.
     3. For To, select ZONE4.
     4. For Service, select ftp.
     5. For Source, select VLAN50.
     6. For Destination, select VLAN80.
     7. Click Apply.
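The following is an added example, not part of the original procedure: a small Python audit that checks the pattern these steps follow, namely that every permit has a reverse-direction counterpart on the same module and that both modules permit the same service/source/destination flows. The `Policy` tuple, the `audit` and `logging_enabled` helpers, and the transcription of the policies into a list are assumptions made for illustration; the modules themselves are configured through the web interface as described above.

```python
from collections import namedtuple

# Hypothetical record type; field names mirror the form fields in the steps.
Policy = namedtuple("Policy", "module from_zone to_zone service source dest logging")

# Policies transcribed by hand from the steps on this page (constructed data).
POLICIES = [
    Policy("A", "SELF", "ZONE3", "GRE", "siteAinter", "siteBinter", True),
    Policy("A", "ZONE3", "SELF", "GRE", "siteBinter", "siteAinter", False),
    Policy("A", "DMZ", "ZONE5", "ftp", "VLAN50", "VLAN80", False),
    Policy("A", "ZONE5", "DMZ", "ftp", "VLAN80", "VLAN50", False),
    Policy("B", "SELF", "INTERNAL", "GRE", "siteBinter", "siteAinter", True),
    Policy("B", "INTERNAL", "SELF", "GRE", "siteAinter", "siteBinter", False),
    Policy("B", "ZONE4", "ZONE6", "ftp", "VLAN80", "VLAN50", False),
    Policy("B", "ZONE6", "ZONE4", "ftp", "VLAN50", "VLAN80", False),
]


def audit(policies):
    """Return a list of findings; an empty list means the set is consistent."""
    findings = []
    have = {p[:6] for p in policies}  # compare everything except the logging flag
    # Check 1: each permit has a mirror-image policy on the same module.
    for p in policies:
        reverse = (p.module, p.to_zone, p.from_zone, p.service, p.dest, p.source)
        if reverse not in have:
            findings.append(
                f"module {p.module}: no return policy for "
                f"{p.service} {p.from_zone}->{p.to_zone}"
            )

    # Check 2: zones differ per module, but the permitted flows must match,
    # otherwise one end of the tunnel drops what the other end forwards.
    def flows(module):
        return {(p.service, p.source, p.dest) for p in policies if p.module == module}

    for svc, src, dst in sorted(flows("A") ^ flows("B")):
        findings.append(f"{svc} {src}->{dst} is permitted on only one module")
    return findings


def logging_enabled(policies):
    """Policies with logging on: candidates to switch off once testing is done."""
    return [p for p in policies if p.logging]


if __name__ == "__main__":
    print(audit(POLICIES) or "policy set is consistent")
    for p in logging_enabled(POLICIES):
        print(f"logging still enabled: module {p.module} {p.from_zone}->{p.to_zone}")
```
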
