Symantec 5620 : permit traffic entering and exiting the same interface
am 04.03.2007 21:02:40 von Gautam
Hi friends,
I just had a basic question on configuring the Symantec 5620 firewall. I
wanted to know what the equivalent of the Cisco command same-security-
traffic permit intra-interface is in the Symantec firewall.
The reason that I am asking is because the Symantec firewall is the
default gateway of a LAN 192.168.0.0/24. Now, the firewall has a
static route to reach the 192.168.1.0 segment.
So, other computers / servers whose default gateway is the Symantec
firewall will also talk to the 192.168.1.0 network through the
Symantec firewall's static route to the 192.168.1.0 network. Right now,
they are not able to talk to the 192.168.1.0 network unless I create a
static route on the specific PCs / servers.
Now how can I avoid adding static routes on the individual PCs /
servers? There should be a feature to allow the firewall to pass
traffic entering and exiting the same firewall interface. The
packets are entering the firewall's inside interface and leaving the
firewall's inside interface. They are not touching the firewall's
public or outside interface.
Please advise.
Thanks a lot
Gautam
Re: Symantec 5620 : permit traffic entering and exiting the same interface
am 06.03.2007 03:55:13 von wayne
"Gautam" wrote in message
news:1173038560.322411.288240@p10g2000cwp.googlegroups.com...
> Hi friends,
>
> I just had a basic question on configuring the Symantec 5620 firewall. I
> wanted to know what the equivalent of the Cisco command same-security-
> traffic permit intra-interface is in the Symantec firewall.
>
> The reason that I am asking is because the Symantec firewall is the
> default gateway of a LAN 192.168.0.0/24. Now, the firewall has a
> static route to reach the 192.168.1.0 segment.
>
> So, other computers / servers whose default gateway is the Symantec
> firewall will also talk to the 192.168.1.0 network through the
> Symantec firewall's static route to the 192.168.1.0 network. Right now,
> they are not able to talk to the 192.168.1.0 network unless I create a
> static route on the specific PCs / servers.
>
> Now how can I avoid adding static routes on the individual PCs /
> servers? There should be a feature to allow the firewall to pass
> traffic entering and exiting the same firewall interface. The
> packets are entering the firewall's inside interface and leaving the
> firewall's inside interface. They are not touching the firewall's
> public or outside interface.
>
> Please advise.
>
> Thanks a lot
> Gautam
>
This will work, but in addition to adding the static route, you will need to
create a rule that will allow traffic FROM 192.168.0.0/24 TO 192.168.1.0/24
and select the protocol group (possibly "all" protocols).
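To make the two conditions discussed in this thread concrete (the firewall must be allowed to send traffic back out the interface it arrived on, and a rule must permit 192.168.0.0/24 to 192.168.1.0/24), here is an added Python model of the forwarding decision; it is not Symantec or Cisco code, and the next hop 192.168.0.254 and the outside addresses are constructed for the example.

```python
import ipaddress

# Constructed topology modelled on the thread: the firewall's inside interface
# is the default gateway of 192.168.0.0/24 and holds a static route to
# 192.168.1.0/24 whose next hop (192.168.0.254, a constructed address) sits on
# that same inside LAN, so a forwarded packet leaves via the interface it entered.
ROUTES = [  # (prefix, next_hop or None for directly connected, egress interface)
    (ipaddress.ip_network("192.168.0.0/24"), None, "inside"),
    (ipaddress.ip_network("192.168.1.0/24"), ipaddress.ip_address("192.168.0.254"), "inside"),
    (ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_address("203.0.113.1"), "outside"),
]

# Policy rules as the reply describes them: source network, destination network,
# protocol group ("all" stands in for the "all protocols" group).
RULES = [
    (ipaddress.ip_network("192.168.0.0/24"), ipaddress.ip_network("192.168.1.0/24"), "all"),
]


def lookup(dst):
    """Longest-prefix match over ROUTES; returns (next_hop, egress_if)."""
    matches = [r for r in ROUTES if dst in r[0]]
    best = max(matches, key=lambda r: r[0].prefixlen)
    return (best[1] if best[1] is not None else dst), best[2]


def rule_permits(src, dst, proto):
    """True if any rule covers the source, destination and protocol."""
    return any(src in s and dst in d and p in ("all", proto) for s, d, p in RULES)


def forward(src, dst, proto, ingress_if, intra_interface_ok):
    """Return the firewall's decision for one packet as a short string.

    intra_interface_ok models the Cisco same-security-traffic permit
    intra-interface setting the question asks about: without it, traffic
    whose egress interface equals its ingress interface is dropped before
    the rule base is consulted.
    """
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    next_hop, egress_if = lookup(dst)
    if egress_if == ingress_if and not intra_interface_ok:
        return "drop: same-interface (hairpin) traffic not permitted"
    if not rule_permits(src, dst, proto):
        return "drop: no rule permits %s -> %s (%s)" % (src, dst, proto)
    return "forward via %s next-hop %s" % (egress_if, next_hop)
```

Run forward("192.168.0.10", "192.168.1.5", "tcp", "inside", False) and then with True to see the hairpin drop turn into a forward via the inside interface to 192.168.0.254.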