-
Select Firewall > Access Policies > Unicast.
-
Click Add a Policy.
-
Permit GRE packets from Site B:
-
For Action, accept the default: Permit Traffic.
-
For From, select EXTERNAL.
-
For To, select SELF.
-
For Service, select gre.
-
For Source, select siteBinter.
-
For Destination, select siteAinter.
-
Select the Enable logging on this Policy check box.

|
Because policy logging is processor-intensive, it is not recommended that you enable logging permanently. Use policy logging for troubleshooting and testing only.
|
-
Click Apply.
-
Permit GRE packets to Site B:
-
For Action, accept the default: Permit Traffic.
-
For From, select SELF.
-
For To, select EXTERNAL.
-
For Service, select gre.
-
For Source, select siteAinter.
-
For Destination, select siteBinter.
-
Click Apply.
-
Permit HTTP traffic to the GRE tunnel:
-
For Action, accept the default: Permit Traffic.
-
For From, select ZONE6.
-
For To, select ZONE4.
-
For Service, select http.
-
For Source, select VLAN70.
-
For Destination, select VLAN40.
-
Click Apply.
-
Permit HTTP traffic from the GRE tunnel:
-
For Action, accept the default: Permit Traffic.
-
For From, select ZONE4.
-
For To, select ZONE6.
-
For Service, select http.
-
For Source, select VLAN40.
-
For Destination, select VLAN70.
-
Click Apply.
-
Click Close.
|
-
Select Firewall > Access Policies > Multicast.
-
Click Add a Policy.
-
Permit GRE packets from Site A:
-
For Action, accept the default: Permit Traffic.
-
For From, select EXTERNAL.
-
For To, select SELF.
-
For Service, select gre.
-
For Source, select siteAinter.
-
For Destination, select siteBinter.
-
Select the Enable logging on this Policy check box.

|
Because policy logging is processor-intensive, it is not recommended that you enable logging permanently. Use policy logging for troubleshooting and testing only.
|
-
Click Apply.
-
Permit GRE packets to Site A:
-
For Action, accept the default: Permit Traffic.
-
For From, select SELF.
-
For To, select EXTERNAL.
-
For Service, select gre.
-
For Source, select siteBinter.
-
For Destination, select siteAinter.
-
Click Apply.
-
Permit HTTP traffic to the GRE tunnel:
-
For Action, accept the default: Permit Traffic.
-
For From, select ZONE2.
-
For To, select ZONE3.
-
For Service, select http.
-
For Source, select VLAN40.
-
For Destination, select VLAN70.
-
Click Apply.
-
Permit HTTP traffic from the GRE tunnel:
-
For Action, accept the default: Permit Traffic.
-
For From, select ZONE3.
-
For To, select ZONE2.
-
For Service, select http.
-
For Source, select VLAN70.
-
For Destination, select VLAN40.
-
Click Apply.
-
Click Close.
|