Missing firewall rule .. can't figure out


#1

I am trying to configure a simple zone-based firewall but have had no success so far. Here is my config.

[code]set zone-policy zone FIREWALL interface eth1
set zone-policy zone SERVERS interface eth0.100

set firewall name SERVERS-FIREWALL default-action drop
set firewall name SERVERS-FIREWALL rule 1 action accept
set firewall name SERVERS-FIREWALL rule 1 state established enable
set firewall name SERVERS-FIREWALL rule 1 state related enable
set firewall name SERVERS-FIREWALL rule 2 action drop
set firewall name SERVERS-FIREWALL rule 2 log enable
set firewall name SERVERS-FIREWALL rule 2 state invalid enable
set firewall name SERVERS-FIREWALL rule 100 action accept
set firewall name SERVERS-FIREWALL rule 100 log enable
set firewall name SERVERS-FIREWALL rule 100 protocol icmp
set firewall name SERVERS-FIREWALL rule 600 action accept
set firewall name SERVERS-FIREWALL rule 600 log enable
set firewall name SERVERS-FIREWALL rule 600 protocol tcp_udp
set firewall name SERVERS-FIREWALL rule 9999 action drop
set firewall name SERVERS-FIREWALL rule 9999 log enable
set zone-policy zone FIREWALL from SERVERS firewall name SERVERS-FIREWALL

set firewall name FIREWALL-SERVERS default-action drop
set firewall name FIREWALL-SERVERS rule 1 action accept
set firewall name FIREWALL-SERVERS rule 1 state established enable
set firewall name FIREWALL-SERVERS rule 1 state related enable
set firewall name FIREWALL-SERVERS rule 2 action drop
set firewall name FIREWALL-SERVERS rule 2 log enable
set firewall name FIREWALL-SERVERS rule 2 state invalid enable
set firewall name FIREWALL-SERVERS rule 100 action accept
set firewall name FIREWALL-SERVERS rule 100 log enable
set firewall name FIREWALL-SERVERS rule 100 protocol icmp
set firewall name FIREWALL-SERVERS rule 600 action accept
set firewall name FIREWALL-SERVERS rule 600 log enable
set firewall name FIREWALL-SERVERS rule 600 protocol tcp_udp
set firewall name FIREWALL-SERVERS rule 9999 action drop
set firewall name FIREWALL-SERVERS rule 9999 log enable
set zone-policy zone SERVERS from FIREWALL firewall name FIREWALL-SERVERS
[/code]

When I enable the firewall, I am not able to connect to any zone, only to the firewall itself. I can’t seem to figure out what’s wrong here. I can see everything is hitting rule 600, but it looks like there is a missing rule. How can I fix this?

Thanks