Settings for Firewall FW5
A default route or an explicit static route to the remote network needsto be defined.
The first action that the firewall performs is indeed to check that it has a route to the remote site before looking up its filter policy. The absence of a route will result in packets being rejected.
Create a route that would allow transporting return packets to the original firewall using its MAC address:
Return route to firewall FW1
- Gateway: create the network object corresponding to firewall 1 on the site (FW1 in the example),
The MAC address of firewall FW1 must be declared in this network object.
- Interface: select the interface on firewall FW2 through which return packets will be transported to firewall FW1 ("In" interface in the example).
Enable the route by double-clicking in the Status column.
In the Configuration > Security policy > Filter and NAT menu, expand the New rule menu and select Standard rule.
- Action: set the action to Pass,
- Source hosts: select the network at the source of the electronic mail traffic (Network_bridge in the example).
- Destination hosts: select Internet.
Dest. port column
- Destination port: select the object mail_srv containing SMTP, IMAP and POP3.
Security inspection column
- Inspection profile: choose the inspection profile to apply (the choice suggested by default applies the profile IPS_00 to incoming traffic and the profile IPS_01 to outgoing traffic),
- Antivirus: enable the antivirus by selecting the value On,
- Antispam: enable the antispam by selecting the value On,
- SMTP filter: select the SMTP filter policy to apply (default00 in the example),
The filter policy will then look like this: