Settings for Firewalls FW3 and FW4

Static routing

A default route or an explicit static route to the remote network needs to be defined.

Before looking up its filter policy, the firewall first checks that it has a route to the remote site. If there is no route, packets are rejected.
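The check order described above, as an added example (not vendor code): a small Python model in which the route lookup runs before the filter lookup. The addresses, gateway names, the Internet object modeled as 0.0.0.0/0 and the blocked-by-default fallback are assumptions made for the illustration; the single rule stands in for the Pass rule for http traffic from Network_bridge to Internet configured later on this page.

```python
import ipaddress

# Constructed sample data: addresses and gateway names are illustrative assumptions.
ROUTES = [  # (destination network, gateway)
    ("0.0.0.0/0", "gw_default"),
    ("10.20.0.0/16", "gw_remote_site"),
]
RULES = [  # (action, source network, destination network, destination port)
    # Stands in for: Pass, Network_bridge -> Internet, port http
    ("pass", "192.168.1.0/24", "0.0.0.0/0", 80),
]

def lookup_route(routes, dst):
    """Longest-prefix match; returns the gateway, or None when no route covers dst."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, gateway in routes:
        network = ipaddress.ip_network(net)
        if addr in network and (best is None or network.prefixlen > best[0].prefixlen):
            best = (network, gateway)
    return best[1] if best else None

def evaluate(routes, rules, src, dst, dport):
    """Route check first, then first-match filter lookup (assumed: unmatched traffic is blocked)."""
    gateway = lookup_route(routes, dst)
    if gateway is None:
        return "rejected: no route"  # the filter policy is never consulted
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net, port in rules:
        if (s in ipaddress.ip_network(src_net)
                and d in ipaddress.ip_network(dst_net)
                and dport == port):
            return f"{action} via {gateway}"
    return "blocked: no matching rule"

if __name__ == "__main__":
    no_default = [r for r in ROUTES if r[0] != "0.0.0.0/0"]
    cases = (("203.0.113.10", 80), ("10.20.5.5", 80), ("203.0.113.10", 443))
    for label, routes in (("with default route", ROUTES), ("without default route", no_default)):
        for dst, port in cases:
            print(label, dst, port, "->", evaluate(routes, RULES, "192.168.1.50", dst, port))
```

With the default route removed, the http request to 203.0.113.10 is rejected even though the Pass rule would match it, which is why the route has to exist before the rule is tested.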

Return route

Create a route that allows return packets to be sent back to the original firewall using its MAC address:

Return route to firewall FW1

On each of the firewalls (FW3 and FW4), create the following return route:

  • Gateway: create the network object corresponding to firewall 1 on the site (FW1 in the example),

NOTE
The MAC address of firewall FW1 must be declared in this network object.

 
  • Interface: select the interface on firewall FW3 (or on firewall FW4, respectively) through which return packets will be sent to firewall FW1 ("In" interface in the example).

Enable the route by double-clicking in the Status column.

Enabling the HTTP proxy

In the Configuration > Filter and NAT menu, expand the New rule menu and select Single rule.

Action column

  • Action: set the action to Pass.

Source column

  • Source hosts: select the network at the source of the electronic mail traffic (Network_bridge in the example).

Destination column

  • Destination hosts: select Internet.

Dest. port column

  • Destination port: select the http object.

Security inspection column

  • Inspection profile: choose the inspection profile to apply (the choice suggested by default applies the profile IPS_00 to incoming traffic and the profile IPS_01 to outgoing traffic),
  • Antivirus: enable the antivirus by selecting the value On,
  • URL filter: select the URL filter policy to apply (default00 in the example).
 

The filter policy will then look like this: