2 Replies Latest reply on Feb 22, 2011 7:00 AM by gooru4speed

    Does Firewall Enterprise V8 support VPN Pass through?

    gooru4speed

      Hi fellows,

      I read the MFE v8 product guide and I did not find if it supports VPN pass through. Does anyone know something about it?

      Thanks!

       

      JR

        • 1. Does Firewall Enterprise V8 support VPN Pass through?
          sliedl

          Here's how you do it:

           

          Create a new custom application on UDP ports 500 and 4500 to pass IKE and NAT-T traffic:

          Policy -> Rule Elements -> Applications
          Click the '+' sign to add a new Application
          TCP/UDP is selected by default.  Type '500,4500' in the 'UDP Ports' text box
          Click Save

          Create a new Access Control Rule.

          In the 'Applications' section choose the new application you created for UDP ports 500/4500.  You must also select the built-in application called 'IPSec/ESP' to pass the 'ESP/protocol 50' (phase 2) traffic.  You will have two applications in this rule then.

          Select your Source and Destination Zones accordingly.  If you choose <Any> for the Source Zone it may cause the VPNs that terminate on the external side of the firewall to stop working, so choose accordingly.

          Save this rule.  Move it above the Deny All rule.

          All services at version 8.x are stateful, so you do not need a bi-directional service (they do not exist any longer) and you do not need a 'return rule' for the response traffic to pass back through the firewall.
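
To confirm from a packet capture that the rule above is passing every part of an IPsec session, the following added example (not part of the original thread and not vendor code) sorts packets into the two applications the rule contains. The name `CUSTOM_APP`, the sample packets and the helper names are assumptions; the UDP 4500 handling follows RFC 3948, where a zero non-ESP marker precedes IKE and anything else is ESP carried in UDP.

```python
import struct

# Fixed IKE header (RFC 7296 section 3.1): SPIs, next payload, version, exchange, flags, ID, length.
IKE_HDR = struct.Struct("!8s8sBBBBII")
CUSTOM_APP = "custom UDP 500/4500"   # hypothetical name for the application created above
ESP_APP = "IPSec/ESP"                # built-in application named in the answer

def parse_ike(data):
    """Return the IKE major version, or None if data is not a plausible IKE header."""
    if len(data) < IKE_HDR.size:
        return None
    init_spi, _, _, version, _, _, _, length = IKE_HDR.unpack_from(data)
    if init_spi == bytes(8) or length < IKE_HDR.size:
        return None
    return version >> 4

def classify(ip_proto, sport, dport, payload=b""):
    """Return (application that must allow the packet, traffic kind)."""
    if ip_proto == 50:
        return ESP_APP, "native ESP"
    if ip_proto != 17:
        return None, "not IPsec"
    if 4500 in (sport, dport):
        if payload == b"\xff":                  # RFC 3948 NAT-keepalive
            return CUSTOM_APP, "NAT-T keepalive"
        if len(payload) < 8:                    # shorter than an ESP header
            return CUSTOM_APP, "too short"
        if payload[:4] == bytes(4):             # non-ESP marker precedes IKE
            major = parse_ike(payload[4:])
            return CUSTOM_APP, (f"IKEv{major} over NAT-T" if major else "malformed IKE")
        return CUSTOM_APP, "ESP in UDP"         # non-zero SPI comes first
    if 500 in (sport, dport):
        major = parse_ike(payload)
        return CUSTOM_APP, (f"IKEv{major}" if major else "malformed IKE")
    return None, "not IPsec"

# Constructed 28-byte IKEv2 IKE_SA_INIT header with no payloads, used in the samples.
IKE2_INIT = IKE_HDR.pack(b"\x11" * 8, bytes(8), 33, 0x20, 34, 0x08, 0, IKE_HDR.size)
SAMPLES = [  # constructed packets: (ip_proto, sport, dport, payload)
    (17, 500, 500, IKE2_INIT),
    (17, 4500, 4500, bytes(4) + IKE2_INIT),
    (17, 4500, 4500, struct.pack("!II", 0xC0FFEE01, 1) + bytes(16)),
    (17, 4500, 4500, b"\xff"),
    (50, 0, 0, b""),
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(pkt[:3], "->", classify(*pkt))
```

When the peers negotiate NAT-T, the tunnel data appears as "ESP in UDP" on port 4500 rather than as protocol 50, so a capture that shows IKE but neither form of ESP points at the rule rather than at the VPN endpoints.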