Hi there all,
I'm trying to understand the relationship between IPsec tunnels and Firewall rules.
Here is what I've got:
| SITE-A | <--ipsec--> | SITE-B | <--ipsec--> | SITE-C | |
| 4x /24 | 1x /24 | 1x /24 |
Onto the ipsec setup, everything works fine, every SA's are established, routing is fine, all good.
Now for example, from SITE-C, if I initiate an ICMP session towards the /24 in SITE-A, ICMP packets goes through. Same would apply to any services, I've tested with administrative services and simple HTTP.
Now, what bug's me is that It doesn't make any differences if Firewall policies are there or not (Automatic Firewall Rules on ipsec are disabled.).
In my example above, On the SITE-C UTM, I've got a FW policy in place from SITE-A/24 to SITE-C/4x/24. Although, the reverse policy is NOT in place. Still, from a host in SITE-C I can reach anything in SITE-A and this without, hum, any Firewall policy.
Is there anything I'm missing here?
Thanks
This thread was automatically locked due to age.
