This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

traffic flow

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

traffic flow

simsim
L4 Transporter

‎05-15-2017 10:24 AM

Hi,

 

I have two zone (trust and trust),

for trust to untrust traffic flow   and untrust to trust , do I need to create two security rules ?

 

Thanks

 

 

0 Likes Likes
7 REPLIES 7

TranceforLife
L6 Presenter

‎05-15-2017 10:55 AM

Yes, l would keep the policies separate. More secure and more granular control. But you still can use the below example (not the greatest one :D):

 

same zone.JPG

 

 

0 Likes Likes

Remo
L7 Applicator
In response to TranceforLife

‎05-15-2017 11:31 AM

From a swcurity perspective there is no difference between one or two rules (assuming that you really want to allow the same from trust to untrust and the other way). Just make sure you use ruletype "interzone".
But actually I would also do it like @TranceforLife and create two seperate rules.
0 Likes Likes

simsim
L4 Transporter
In response to TranceforLife

‎05-15-2017 11:32 AM - edited ‎05-15-2017 11:34 AM

Hi,

The screenshot shows from trust to trust and untrust to untrust ?

My question is it really necessary a reverse policy (from untrust to trust )  since it is a stateful firewall .

Thanks

0 Likes Likes

Remo
L7 Applicator
In response to simsim

‎05-15-2017 11:46 AM

Short and simple: No, it's not necessary
0 Likes Likes

TranceforLife
L6 Presenter
In response to simsim

‎05-15-2017 12:11 PM - edited ‎05-15-2017 12:11 PM

l think l didn't understand a question properly or the question itself was not clear 😄 

 

Anyway, it all depends from where you are initiating your traffic. With the stateful firewall return traffic is permitted (stateful firewall as you have mentioned already) 

0 Likes Likes

simsim
L4 Transporter
In response to TranceforLife

‎05-15-2017 12:56 PM

Hi,

Sorry for the confusion . 

If the traffic is originating from the trust to untrust , we have to create a rule  (rule1)  like source 'trust' and destination 'untrust',

(The return traffic from the same 

If the traffic is originating from the untrust to trust  ,we have to create a rule  (rule2)  like source 'untrust' and destination 'trust',

Correct mf If I am worng ?

 

Thanks

 

0 Likes Likes

TranceforLife
L6 Presenter
In response to simsim

‎05-15-2017 01:07 PM

Correct 😉

  • 3102 Views
  • 7 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks