Configuring filter rules on the firewall

To define the various filter rules needed:

  1. Go to the menu Configuration > Security policy > Filter - NAT > Filtering tab.
  2. Select the desired security policy using the drop-down list.
  1. Click on New rule.
  2. Select Single rule.
  3. Double-click on the newly added rule.
  4. In the General menu, set the Status to On.
  5. In the Action menu > General tab, set the Action to pass.
    You can also select the value Log (filter log) for the Log level field.
  6. In the Source menu > General tab, click on Add and select the network object App-Tier.
  7. Repeat the operation to add the objects Web-Tier and DB-Tier.
  8. For the Incoming interface field, select the transit interface.
  9. In the Destination menu > Advanced properties tab, select the out interface as the Outgoing interface.
  10. Validate the rule by clicking on OK.
  1. Click on New rule.
  2. Select Single rule.
  3. Double-click on the newly added rule.
  4. In the General menu, set the Status to On.
  5. In the Action menu > General tab, set the Action to pass.
    You can also select the value Log (filter log) for the Log level field.
  6. In the Source menu > General tab, select the out interface as the Incoming interface.
  7. In the Destination menu > General tab, click on Add and select the network object Web-NAT.
  8. In the Port / Protocol menu > under Port, click on Add and select the http object.
  9. Repeat the operation to add the https object.
  10. Validate the rule by clicking on OK.
  1. Click on New rule.
  2. Select Single rule.
  3. Double-click on the newly added rule.
  4. In the General menu, set the Status to On.
  5. Validate the rule by clicking on OK.
    The newly added rule will therefore block all other traffic.
    Ensure that this rule is the last in your filter policy (where necessary, you can select it and move it using the Up and Down buttons.

The filter policy on the peripheral firewall will then look like this: