Intra-Interface Traffic Inspection
By default, the Firebox inspects traffic between external interfaces and applies firewall policies to that traffic. The Firebox does not inspect traffic between internal interfaces by default.
In Fireware v12.8 or higher, you can use the intra-if-inspection command in the Fireware CLI to enable or disable intra-interface inspection on physical and link aggregation interfaces. If you enable this setting, the Firebox applies firewall policies to intra-interface traffic for the specified interface.
To enable or disable intra-interface traffic inspection from the Fireware CLI:
- In the Configuration Command Mode, enter the Interface Command Mode and specify an interface.
- To disable intra-interface traffic inspection for the interface, run this command: no intra-if-inspection enable
- To enable intra-interface traffic inspection for the interface, run this command: intra-if-inspection enable
Examples
WG(config/if-fe01)#intra-if-inspection enable
WG(config/if-fe01)#no intra-if-inspection enable
This setting is not available in Fireware Web UI or Policy Manager.