I have to confess I am still finding it difficult to understand, configure, and implement intrazone (formerly intraburb) forwarding successfully on MFE v8.
Why the very easy, single checkbox, setting in v6 was ever removed is a complete mystery to me.
Anyway, the basic scenario I am working with is that MFE has a number of static routes configured and I wish for any client machine using MFE as its default gateway to be able to benefit from these routes. As mentioned, in v6 and earlier, all that was required was to check the "Intra-burb packet forwarding" setting against the internal burb entry and that was that.
In v7 it was necessary to create a custom packet filter service and use this to enable intraburb forwarding and then create a second service which was then used in an access rule.
As far as v8 is concerned, KB article KB70885 provides us with the CLI command
cf agent modify name='TCP/UDP Packet Filter' intrazone_forwarding=yes
but then goes on to say nothing more than Intrazone forwarding now works for TCP/UDP filters. Previous discussion threads have indicated that in v8 it is still necessary to create the access rule (along the same lines as v7) but not necessarily how that rule should be constructed.
I've tried source zone=internal, destination zone=internal, application=<Any>, action=Allow and if the rule is placed anywhere before the Administration group I find myself promptly kicked out of the Admin Console. If placed after the Administration rule group it doesn't stop you from accessing the Firewall, but other things such as site-to-site VPNs then stop working.
So, rather than continue to speculate or experiment, as I did when I last came up against this hurdle (see thread from June 2011 on the same subject), do any of the McAfee guys in this community have a template for how this rule should be constructed to allow the Firewall to serve its static routes to client machines on the internal zone and where best to place this rule in the rule set to stop it from causing all manner of problems with other services?