Doubt about security rule

Showing results for 
Show  only  | Search instead for 
Did you mean: 
Please sign in to see details of an important advisory in our Customer Advisories area.

Doubt about security rule

L4 Transporter


I have to create a rule bidireccional between two of my servers. My question is, do i have to create two rules to allow the connection in both flows, or i could only create the rule TRUST TO DMZ and the way back would be permit too?


Its a bit tricky 2 rule for one connection, no???



L3 Networker

If all of your HTTP sessions are being originated from one side; you just need one rule.  That single rule will allow the return packets in that TCP session to come back to the originator.

If your HTTP sessions can be originated from both sides (i.e. you have HTTP servers on both sides); you really need two rules.

(I guess you could have a single rule with both Trust and DMZ zones in the Src and Dst zone lists and the both address objects in the source and dest address fields; but I really wouldn't recommend that.  Curious to know if others here do this.)

Note; for NAT rules there is a bi-directional option - there just isn't one for security rules.  (Not that the bi-directional NAT seemed to work for me; but that was a few releases back in the 5 series...  Guess I should try again sometime)

  • 1 replies
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!