Bi-directional access rules are rules where the source and destination of the rule are used interchangeably. Bi-directional rules must use the action Pass or Map and a static NAT or no source NAT as the Connection Method.
Create a Pass Access Rule
- Go to CONFIGURATION > Configuration Tree > Box > Assigned Services > Firewall > Forwarding Rules.
- Click Lock.
- Either click the plus icon (+) at the top right of the rule set, or right-click the rule set and select New > Rule.
- Select Pass or Dst NAT as the action.
- Enter a name for the rule.
- Select the Bi-Directional check box.
- Specify the following settings that must be matched by the traffic to be handled by the access rule:
- Source – The source addresses of the traffic.
- Destination – The destination addresses of the traffic.
- Service – Select a service object, or select Any for this rule to match for all services.
- Click OK.
- Drag and drop the access rule so that it is the first rule that matches the traffic that you want it to forward. Ensure that the rule is located above the BLOCKALL rule; rules located below the BLOCKALL rule are never executed.
- Click Send Changes and Activate.
Additional Matching Criteria
- Authenticated User – For more information, see User Objects.
- Schedule Objects – For more information, see Schedule Objects.
- Connection Method – For more information, see Connection Objects.
- IPS Policy – For more information, see Intrusion Prevention System (IPS).
- Application Control – For more information on Application Control features, see Application Control.
- SSL Inspection Policy – For more information, see SSL Inspection in the Firewall.
- QoS Band (Fwd) or QoS Band (Reply) – For more information, see Traffic Shaping.