Intra-Interface Traffic Inspection

Some of the features described in this section are only available to participants in the WatchGuard Beta program. If a feature described in this section is not available in your version of Fireware, it is a beta-only feature.

By default, the Firebox inspects traffic between external interfaces and applies firewall policies to that traffic. The Firebox does not inspect traffic between internal interfaces by default.

In Fireware v12.8 or higher, you can use the intra-if-inspection command in the Fireware CLI to enable or disable intra-interface inspection on physical and link aggregation interfaces. If you enable this setting, the Firebox applies firewall policies to intra-interface traffic for the specified interface.

To enable or disable intra-interface traffic inspection, from Fireware CLI:

  1. In the Configuration Command Mode, enter the Interface Command Mode and specify an interface.
  2. To disable intra-interface traffic inspection for the interface, run this command: no intra-if-inspection enable
  3. To enable intra-interface traffic inspection for the interface, run this command: intra-if-inspection enable


WG(config/if-fe01)#intra-if-inspection enable

WG(config/if-fe01)#no intra-if-inspection enable

This setting is not available in Fireware Web UI or Policy Manager.

See Also

About Advanced Interface Settings