Settings for Firewall FW5

A default route or an explicit static route to the remote network needsto be defined.

The first action that the firewall performs is indeed to check that it has a route to the remote site before looking up its filter policy. The absence of a route will result in packets being rejected.

Create a route that would allow transporting return packets to the original firewall using its MAC address:

Return route to firewall FW1

• Gateway: create the network object corresponding to firewall 1 on the site (FW1 in the example),

NOTE
The MAC address of firewall FW1 must be declared in this network object.

• Interface: select the interface on firewall FW2 through which return packets will be transported to firewall FW1 ("In" interface in the example).

Enable the route by double-clicking in the Status column.

In the Configuration > Security policy > Filter and NAT menu, expand the New rule menu and select Standard rule.

Action column

• Action: set the action to Pass,

Source column

• Source hosts: select the network at the source of the electronic mail traffic (Network_bridge in the example).

Destination column

• Destination hosts: select Internet.

Dest. port column

• Destination port: select the object mail_srv containing SMTP, IMAP and POP3.

Security inspection column

• Inspection profile: choose the inspection profile to apply (the choice suggested by default applies the profile IPS_00 to incoming traffic and the profile IPS_01 to outgoing traffic),
• Antivirus: enable the antivirus by selecting the value On,
• Antispam: enable the antispam by selecting the value On,
• SMTP filter: select the SMTP filter policy to apply (default00 in the example),

The filter policy will then look like this: