Configuring the FW-PARIS firewall

Follow all the steps required to configure the PARIS firewall, as described in the section Configuring the FW-PARIS firewall of the example on IPsec tunnels based on virtual IPsec (VTI) interfaces.

As indicated in the header of this section, the failover option is mandatory when creating the router object that is used in the route to the PARIS site's LAN.

The following paragraphs explain the specific settings in a hub and spoke configuration.

This example shows the policy-based routing option on the PARIS site.

Using the router object in routing to access the Internet

  1. Go to Configuration > Security policy > Filter - NAT, Filtering tab.
  2. Click on New rule > Single rule.
  3. Double-click in any column in this rule.
  4. General menu on the left: switch the Status of the rule to On.
  5. Action menu on the left, General tab:
    1. General section: set the Action to pass.
    2. Routing section: select the router object that was created earlier.
  6. Source menu on the left: double-click on the Any object and replace it with the object corresponding to the local network of the PARIS site (PAR-LAN in this example).
  7. Destination menu on the left: double-click on the object Any and replace it with the Internet object.
  8. Inspection menu on the left: we recommend leaving the default Inspection level, IPS.
  9. Click on OK.
  10. Click on Apply.

The policy-based routing rule will then look like this: