A Pass firewall rule permits traffic for a specific Service coming from the Source to access the selected Destination. For the Source and Destination, you can specify network objects, IP addresses, networks, or geolocation objects.
Create a Pass Firewall Rule
- Open the Forwarding Rules page (Config > Full Config > Virtual Servers > your virtual server > Assigned Services > Firewall > Forwarding Rules).
- Click Lock.
- Either click the plus icon (+) at the top right of the rule set, or right-click the rule set and select New > Rule.
- Select Pass as the action.
- Enter a name for the rule. For example,
- Specify the following settings that must be matched by the traffic to be handled by the firewall rule:
- Source – The source addresses of the traffic.
- Destination – The destination addresses of the traffic.
- Service – Select a service object, or select Any for this rule to match for all services.
- Click OK.
- Drag and drop the firewall rule so that it is the first rule that matches the traffic that you want it to forward. Ensure that the rule is located above the BLOCKALL rule; rules located below the BLOCKALL rule are never executed.
- Click Send Changes and Activate.
Additional Matching Criteria
- Authenticated User – For more information, see User Objects.
- Connection Method – For more information, see Connection Objects.
- IPS Policy – For more information, see Intrusion Prevention System (IPS).
- Application Control – For more information, see Application Control 2.0.
- SSL Interception – For more information, see How to Enable Application Control 2.0, SSL Interception, URL Filtering, Virus Scanning and ATP.
- URL Filter – For more information, see URL Filter.
- AV Scan – For more information, see How to Configure Virus Scanning in the Firewall.
- Time Objects – For more information, see Time Objects.
- QoS Band (Fwd) or QoS Band (Reply) – For more information, see Traffic Shaping.