NGFW Deployment

7.0.0

Creating a corporate to internet policy

To create a firewall policy:
  1. Go to Policy & Objects > Firewall Policy, and click Create New.
  2. Set the following options, and click OK:

    Name                  CORP_to_INTERNET
    Incoming Interface    VLAN20, VLAN30, VLAN40
    Outgoing Interface    WAN1
    Source                IT_net, ENG_net, SALES_net
    Destination*          !RFC-1918
    Service               ALL
    Schedule              Always
    Action                Accept
    NAT                   Use Outgoing Interface Address
    Security Profiles     CORP_AV, CORP_WF, CORP_DNS, CORP_AC, CORP_IP
    Logging Options       All Sessions

    * After saving the policy, right-click it and select Edit in CLI. In the CLI, enter set dstaddr-negate enable. This negates the destination, so the policy matches every address that is NOT an RFC-1918 address.
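
An added example, not part of the Fortinet guide: a Python check that the saved policy carries the negated destination, profiles, NAT and logging from the table, run over a constructed `show firewall policy` excerpt. The address object name RFC-1918 and the mapping of CORP_AC and CORP_IP to application control and IPS are assumptions.

```python
import shlex

# Constructed `show firewall policy` excerpt; object names are from the table.
# "RFC-1918" as object name and the CORP_AC / CORP_IP profile types are assumptions.
SAMPLE = """\
config firewall policy
    edit 1
        set name "CORP_to_INTERNET"
        set srcintf "VLAN20" "VLAN30" "VLAN40"
        set dstintf "WAN1"
        set action accept
        set srcaddr "IT_net" "ENG_net" "SALES_net"
        set dstaddr "RFC-1918"
        set dstaddr-negate enable
        set utm-status enable
        set av-profile "CORP_AV"
        set webfilter-profile "CORP_WF"
        set dnsfilter-profile "CORP_DNS"
        set application-list "CORP_AC"
        set ips-sensor "CORP_IP"
        set logtraffic all
        set nat enable
    next
end
"""

REQUIRED = {"dstaddr": ["RFC-1918"], "dstaddr-negate": ["enable"], "action": ["accept"],
            "nat": ["enable"], "logtraffic": ["all"], "av-profile": ["CORP_AV"],
            "webfilter-profile": ["CORP_WF"], "dnsfilter-profile": ["CORP_DNS"],
            "application-list": ["CORP_AC"], "ips-sensor": ["CORP_IP"]}

def parse_policies(text):
    """Return {policy name: {option: [values]}} from `show firewall policy` text."""
    policies, cur = {}, {}
    for words in map(shlex.split, text.splitlines()):
        if words[:1] == ["set"]:
            cur[words[1]] = words[2:]
        elif words[:1] == ["next"]:
            policies[cur.get("name", ["?"])[0]] = cur
            cur = {}
    return policies

def audit(text, name="CORP_to_INTERNET"):
    """Return the required options that are missing or wrong on the named policy."""
    policy = parse_policies(text).get(name)
    if policy is None:
        return [f"policy {name} not found"]
    return [f"{k}: expected {v}, found {policy.get(k)}"
            for k, v in REQUIRED.items() if policy.get(k) != v]
```

A policy saved from the GUI without the CLI step has no `dstaddr-negate` line, so `audit` reports it; in that state the policy matches only RFC-1918 destinations, the opposite of the intent.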
