1. Go to: Policies > Firewalling > Add > Goto rule
2. Now enter:
   • Name: goto_dmz
   • RuleSet: dmz_rules
   • Source Interface: any
   • Source Network: all-nets
   • Destination Interface: any
   • Destination Network: dmz_net
   • Service: all_services
3. Select OK
Adding a Return Rule
As noted earlier, a Return rule cannot be added to the rule set main. It can only be added to an
administrator defined IP rule set. Filtering criteria can be added to a Return rule but it is more
usual to not specify any traffic type, as shown in the example below. This means that when it is
encountered, the Return rule will always return rule set scanning to the entry immediately
following the last executed Goto.
Example 3.33. Adding a Return Rule
In this example, a Return rule is added to the end of the administrator defined IP rule set
dmz_rules. It will be applicable to all traffic so if it is encountered, processing will return to the
rule set entry following the last executed Goto rule.
Command-Line Interface
Change the CLI context to be the rule set:
gw-world:/> cc IPRuleSet dmz_rules
Add the return rule to the rule set:
gw-world:/dmz_rules> add ReturnRule SourceInterface=any
        SourceNetwork=all-nets
        DestinationInterface=any
        DestinationNetwork=all-nets
        Service=all_services
        Name=return_dmz_to_main
Return to the default CLI context:
gw-world:/dmz_rules> cc
gw-world:/>
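The Goto/Return scanning order described above, modeled in Python as an added illustration; this is not cOS Core code or anything from the product documentation. Only the names goto_dmz, dmz_rules and return_dmz_to_main come from the examples; the other rule names, the dmz_net address, the port-only service matching and the drop when a rule set runs out of entries are assumptions of the model.

```python
import ipaddress

# Constructed addressing: the real value of dmz_net is not given in the examples.
NETS = {"all-nets": "0.0.0.0/0", "dmz_net": "10.0.5.0/24"}

# Rule sets in scan order. Rules marked hypothetical exist only for this model.
RULE_SETS = {
    "main": [
        {"name": "goto_dmz", "action": "Goto", "target": "dmz_rules", "dst": "dmz_net"},
        {"name": "allow_dns_after_goto", "action": "Allow", "port": 53},  # hypothetical
        {"name": "drop_all", "action": "Drop"},                           # hypothetical
    ],
    "dmz_rules": [
        {"name": "allow_dmz_https", "action": "Allow",
         "dst": "dmz_net", "port": 443},                                  # hypothetical
        {"name": "return_dmz_to_main", "action": "Return"},  # no filter: always matches
    ],
}

def matches(rule, dst_ip, dst_port):
    """Simplified filter: destination network plus optional destination port."""
    net = ipaddress.ip_network(NETS[rule.get("dst", "all-nets")])
    return ipaddress.ip_address(dst_ip) in net and rule.get("port") in (None, dst_port)

def scan(rule_sets, dst_ip, dst_port):
    """Scan from rule set main; return (verdict, list of rules that triggered)."""
    stack, trace = [], []      # stack: where to resume after each executed Goto
    current, i = "main", 0
    while True:
        rules = rule_sets[current]
        if i >= len(rules):
            return "Drop", trace   # model assumption: nothing matched, so drop
        rule = rules[i]
        i += 1
        if not matches(rule, dst_ip, dst_port):
            continue
        trace.append(f"{current}/{rule['name']}")
        if rule["action"] == "Goto":
            stack.append((current, i))          # entry following this Goto
            current, i = rule["target"], 0
        elif rule["action"] == "Return":
            if not stack:                       # e.g. a Return placed in main
                raise ValueError("Return rule without a preceding Goto")
            current, i = stack.pop()            # resume after the last executed Goto
        else:
            return rule["action"], trace
```

Traffic that dmz_rules does not decide is judged by whatever follows goto_dmz in main, so those entries deserve the same review as the DMZ rule set itself.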
Chapter 3: Fundamentals