I’m attempting to set up a Zone-Based Firewall on VyOS 1.4, aiming to start with a basic configuration that allows all traffic. However, my attempts have been unsuccessful.
I am currently connecting via pppoe0 (through Apache Guacamole at 192.168.131.9). After applying the configuration I cannot report the exact state of the router, but communication from pppoe0 to eth5 is definitely not working.
Since I’m unsure of the cause, I’ve included my complete configuration below for review. I would appreciate any insights or suggestions you might have.
# Interface addressing and VRF membership.
# Three interfaces are outside the default VRF: eth0 (MANAGE), eth5 and pppoe0 (both PUBLIC).
# The zone definitions later in this config list them as plain interface members;
# the reply in this thread suggests using the VRF as the zone member for such interfaces.
set interfaces ethernet eth0 address '192.168.254.7/24'
set interfaces ethernet eth0 description 'ManagementInterface'
set interfaces ethernet eth0 vrf 'MANAGE'
set interfaces ethernet eth1 address 'dhcp'
set interfaces ethernet eth1 description 'External'
# NOTE(review): eth2 (default VRF) uses the same 192.168.254.0/24 as eth0 (VRF MANAGE) — confirm this overlap is intended.
set interfaces ethernet eth2 address '192.168.254.1/24'
set interfaces ethernet eth2 description 'Management'
# NOTE(review): eth3 is described as 'Server', but 'set firewall zone CLIENT interface eth3' places it in zone CLIENT.
set interfaces ethernet eth3 address '192.168.129.1/24'
set interfaces ethernet eth3 description 'Server'
# NOTE(review): eth4 is described as 'Client', but 'set firewall zone SERVER interface eth4' places it in zone SERVER.
# Harmless while every ruleset accepts; it would apply the wrong policy once rules are tightened — confirm.
set interfaces ethernet eth4 address '192.168.130.1/24'
set interfaces ethernet eth4 description 'Client'
set interfaces ethernet eth5 address '192.168.131.1/24'
set interfaces ethernet eth5 description 'DMZ'
set interfaces ethernet eth5 vrf 'PUBLIC'
set interfaces loopback lo
# PPPoE session runs over eth1 and is placed in VRF PUBLIC.
# The password value looks like a placeholder; keep real PPPoE credentials redacted in shared configs.
set interfaces pppoe pppoe0 authentication password 'my_pppoe_password'
set interfaces pppoe pppoe0 authentication username '[email protected]'
set interfaces pppoe pppoe0 ip adjust-mss '1414'
set interfaces pppoe pppoe0 source-interface 'eth1'
set interfaces pppoe pppoe0 vrf 'PUBLIC'
# Destination NAT: tcp/80 and tcp/443 arriving on pppoe0 are translated to 192.168.131.9
# (an address inside eth5's 192.168.131.0/24). Neither rule matches on a destination
# address, so any tcp/80 or tcp/443 packet entering pppoe0 is translated.
# Destination NAT is applied before the forward filter, so the zone ruleset that sees this
# traffic matches on the translated address — presumably the PUBLIC -> DMZ pair; verify.
set nat destination rule 1 destination port '80'
set nat destination rule 1 inbound-interface name 'pppoe0'
set nat destination rule 1 protocol 'tcp'
set nat destination rule 1 translation address '192.168.131.9'
set nat destination rule 2 destination port '443'
set nat destination rule 2 inbound-interface name 'pppoe0'
set nat destination rule 2 protocol 'tcp'
set nat destination rule 2 translation address '192.168.131.9'
# Source NAT: masquerade everything leaving eth1 and everything leaving pppoe0
# (no source address match on either rule).
set nat source rule 100 outbound-interface name 'eth1'
set nat source rule 100 translation address 'masquerade'
set nat source rule 200 outbound-interface name 'pppoe0'
set nat source rule 200 translation address 'masquerade'
# Policy routing between the default VRF and the PUBLIC VRF.
# Policy EXTERNAL is attached to eth5 (described 'DMZ', VRF PUBLIC), not to eth1 (described
# 'External'): packets from eth5 destined to the three internal /24s are looked up in table main.
set policy route EXTERNAL interface 'eth5'
set policy route EXTERNAL rule 1 destination address '192.168.129.0/24'
set policy route EXTERNAL rule 1 set table 'main'
set policy route EXTERNAL rule 2 destination address '192.168.130.0/24'
set policy route EXTERNAL rule 2 set table 'main'
set policy route EXTERNAL rule 3 destination address '192.168.254.0/24'
set policy route EXTERNAL rule 3 set table 'main'
# Policy INTERNAL is attached to eth2, eth3 and eth4: packets destined to 192.168.131.0/24
# are looked up in table 100, which 'set vrf name PUBLIC table' assigns to VRF PUBLIC.
# NOTE(review): these rules deliberately cross the VRF boundary, so the firewall zones are
# the only separation between the internal networks and the DMZ — confirm that is the intent.
set policy route INTERNAL interface 'eth2'
set policy route INTERNAL interface 'eth3'
set policy route INTERNAL interface 'eth4'
set policy route INTERNAL rule 1 destination address '192.168.131.0/24'
set policy route INTERNAL rule 1 set table '100'
# Services, system settings and VRF tables.
set service ntp server ntp.nict.jp
# SSH is bound to VRF MANAGE (the VRF that contains eth0).
set service ssh vrf 'MANAGE'
# Connection-tracking helper modules. Helpers create "related" expectations, and rule 2 of
# every ruleset in this config accepts state related; consider keeping only the protocols
# that are actually in use.
set system conntrack modules ftp
set system conntrack modules h323
set system conntrack modules nfs
set system conntrack modules pptp
set system conntrack modules sip
set system conntrack modules sqlnet
set system conntrack modules tftp
set system domain-name 'example.com'
set system host-name 'router'
# presumably takes the DNS servers learned via DHCP on eth1 — verify
set system name-server 'eth1'
set system syslog global facility all level 'info'
set system syslog global facility local7 level 'debug'
set system time-zone 'Asia/Tokyo'
# NOTE(review): the MANAGE default route points at 192.168.254.1, which is this router's own
# eth2 address in the default VRF — confirm this next-hop is reachable from inside VRF MANAGE.
set vrf name MANAGE protocols static route 0.0.0.0/0 next-hop 192.168.254.1
set vrf name MANAGE table '200'
set vrf name PUBLIC table '100'
# Zone definitions: eight zones in a full mesh. Each 'zone DST from SRC' line binds the
# ruleset named SRC-DST to traffic going from zone SRC to zone DST.
# LOCAL is the local-zone, i.e. traffic to and from the router itself.
set firewall zone LOCAL from MANAGE firewall name MANAGE-LOCAL
set firewall zone LOCAL from EXTERNAL firewall name EXTERNAL-LOCAL
set firewall zone LOCAL from MANAGEMENT firewall name MANAGEMENT-LOCAL
set firewall zone LOCAL from CLIENT firewall name CLIENT-LOCAL
set firewall zone LOCAL from SERVER firewall name SERVER-LOCAL
set firewall zone LOCAL from DMZ firewall name DMZ-LOCAL
set firewall zone LOCAL from PUBLIC firewall name PUBLIC-LOCAL
set firewall zone LOCAL local-zone
set firewall zone MANAGE from LOCAL firewall name LOCAL-MANAGE
set firewall zone MANAGE from EXTERNAL firewall name EXTERNAL-MANAGE
set firewall zone MANAGE from MANAGEMENT firewall name MANAGEMENT-MANAGE
set firewall zone MANAGE from CLIENT firewall name CLIENT-MANAGE
set firewall zone MANAGE from SERVER firewall name SERVER-MANAGE
set firewall zone MANAGE from DMZ firewall name DMZ-MANAGE
set firewall zone MANAGE from PUBLIC firewall name PUBLIC-MANAGE
# eth0 belongs to VRF MANAGE; the zone member here is the interface, not the VRF.
set firewall zone MANAGE interface eth0
set firewall zone EXTERNAL from LOCAL firewall name LOCAL-EXTERNAL
set firewall zone EXTERNAL from MANAGE firewall name MANAGE-EXTERNAL
set firewall zone EXTERNAL from MANAGEMENT firewall name MANAGEMENT-EXTERNAL
set firewall zone EXTERNAL from CLIENT firewall name CLIENT-EXTERNAL
set firewall zone EXTERNAL from SERVER firewall name SERVER-EXTERNAL
set firewall zone EXTERNAL from DMZ firewall name DMZ-EXTERNAL
set firewall zone EXTERNAL from PUBLIC firewall name PUBLIC-EXTERNAL
set firewall zone EXTERNAL interface eth1
set firewall zone MANAGEMENT from LOCAL firewall name LOCAL-MANAGEMENT
set firewall zone MANAGEMENT from MANAGE firewall name MANAGE-MANAGEMENT
set firewall zone MANAGEMENT from EXTERNAL firewall name EXTERNAL-MANAGEMENT
set firewall zone MANAGEMENT from CLIENT firewall name CLIENT-MANAGEMENT
set firewall zone MANAGEMENT from SERVER firewall name SERVER-MANAGEMENT
set firewall zone MANAGEMENT from DMZ firewall name DMZ-MANAGEMENT
set firewall zone MANAGEMENT from PUBLIC firewall name PUBLIC-MANAGEMENT
set firewall zone MANAGEMENT interface eth2
set firewall zone CLIENT from LOCAL firewall name LOCAL-CLIENT
set firewall zone CLIENT from MANAGE firewall name MANAGE-CLIENT
set firewall zone CLIENT from EXTERNAL firewall name EXTERNAL-CLIENT
set firewall zone CLIENT from MANAGEMENT firewall name MANAGEMENT-CLIENT
set firewall zone CLIENT from SERVER firewall name SERVER-CLIENT
set firewall zone CLIENT from DMZ firewall name DMZ-CLIENT
set firewall zone CLIENT from PUBLIC firewall name PUBLIC-CLIENT
# NOTE(review): eth3 carries the description 'Server' in the interface section — confirm CLIENT is the intended zone.
set firewall zone CLIENT interface eth3
set firewall zone SERVER from LOCAL firewall name LOCAL-SERVER
set firewall zone SERVER from MANAGE firewall name MANAGE-SERVER
set firewall zone SERVER from EXTERNAL firewall name EXTERNAL-SERVER
set firewall zone SERVER from MANAGEMENT firewall name MANAGEMENT-SERVER
set firewall zone SERVER from CLIENT firewall name CLIENT-SERVER
set firewall zone SERVER from DMZ firewall name DMZ-SERVER
set firewall zone SERVER from PUBLIC firewall name PUBLIC-SERVER
# NOTE(review): eth4 carries the description 'Client' in the interface section — confirm SERVER is the intended zone.
set firewall zone SERVER interface eth4
set firewall zone DMZ from LOCAL firewall name LOCAL-DMZ
set firewall zone DMZ from MANAGE firewall name MANAGE-DMZ
set firewall zone DMZ from EXTERNAL firewall name EXTERNAL-DMZ
set firewall zone DMZ from MANAGEMENT firewall name MANAGEMENT-DMZ
set firewall zone DMZ from CLIENT firewall name CLIENT-DMZ
set firewall zone DMZ from SERVER firewall name SERVER-DMZ
set firewall zone DMZ from PUBLIC firewall name PUBLIC-DMZ
# eth5 belongs to VRF PUBLIC; the zone member here is the interface, not the VRF.
set firewall zone DMZ interface eth5
set firewall zone PUBLIC from LOCAL firewall name LOCAL-PUBLIC
set firewall zone PUBLIC from MANAGE firewall name MANAGE-PUBLIC
set firewall zone PUBLIC from EXTERNAL firewall name EXTERNAL-PUBLIC
set firewall zone PUBLIC from MANAGEMENT firewall name MANAGEMENT-PUBLIC
set firewall zone PUBLIC from CLIENT firewall name CLIENT-PUBLIC
set firewall zone PUBLIC from SERVER firewall name SERVER-PUBLIC
set firewall zone PUBLIC from DMZ firewall name DMZ-PUBLIC
# pppoe0 belongs to VRF PUBLIC, the same VRF as eth5 (zone DMZ).
# NOTE(review): a VRF-based zone member would cover both eth5 and pppoe0 — confirm how DMZ
# and PUBLIC are meant to stay separate if the VRF is used as the member.
set firewall zone PUBLIC interface pppoe0
# Rulesets for traffic destined to the router itself (zone LOCAL), one per source zone.
# All seven are identical: default-action accept, rule 1 accepts state established (no log),
# rule 2 accepts state related and logs. Since the default action is also accept, the two
# rules do not change the verdict; they only decide which packets produce a log entry
# (rule 2 matches and packets that fall through to default-log).
set firewall ipv4 name MANAGE-LOCAL default-action accept
set firewall ipv4 name MANAGE-LOCAL default-log
set firewall ipv4 name MANAGE-LOCAL rule 1 action accept
set firewall ipv4 name MANAGE-LOCAL rule 1 state established
set firewall ipv4 name MANAGE-LOCAL rule 2 action accept
set firewall ipv4 name MANAGE-LOCAL rule 2 state related
set firewall ipv4 name MANAGE-LOCAL rule 2 log
# EXTERNAL is eth1: this ruleset accepts every new connection from that side to the router.
# It matches the stated allow-all baseline; it is one of the first rulesets to tighten
# (default-action drop plus explicit accepts) once connectivity is confirmed.
set firewall ipv4 name EXTERNAL-LOCAL default-action accept
set firewall ipv4 name EXTERNAL-LOCAL default-log
set firewall ipv4 name EXTERNAL-LOCAL rule 1 action accept
set firewall ipv4 name EXTERNAL-LOCAL rule 1 state established
set firewall ipv4 name EXTERNAL-LOCAL rule 2 action accept
set firewall ipv4 name EXTERNAL-LOCAL rule 2 state related
set firewall ipv4 name EXTERNAL-LOCAL rule 2 log
set firewall ipv4 name MANAGEMENT-LOCAL default-action accept
set firewall ipv4 name MANAGEMENT-LOCAL default-log
set firewall ipv4 name MANAGEMENT-LOCAL rule 1 action accept
set firewall ipv4 name MANAGEMENT-LOCAL rule 1 state established
set firewall ipv4 name MANAGEMENT-LOCAL rule 2 action accept
set firewall ipv4 name MANAGEMENT-LOCAL rule 2 state related
set firewall ipv4 name MANAGEMENT-LOCAL rule 2 log
set firewall ipv4 name CLIENT-LOCAL default-action accept
set firewall ipv4 name CLIENT-LOCAL default-log
set firewall ipv4 name CLIENT-LOCAL rule 1 action accept
set firewall ipv4 name CLIENT-LOCAL rule 1 state established
set firewall ipv4 name CLIENT-LOCAL rule 2 action accept
set firewall ipv4 name CLIENT-LOCAL rule 2 state related
set firewall ipv4 name CLIENT-LOCAL rule 2 log
set firewall ipv4 name SERVER-LOCAL default-action accept
set firewall ipv4 name SERVER-LOCAL default-log
set firewall ipv4 name SERVER-LOCAL rule 1 action accept
set firewall ipv4 name SERVER-LOCAL rule 1 state established
set firewall ipv4 name SERVER-LOCAL rule 2 action accept
set firewall ipv4 name SERVER-LOCAL rule 2 state related
set firewall ipv4 name SERVER-LOCAL rule 2 log
set firewall ipv4 name DMZ-LOCAL default-action accept
set firewall ipv4 name DMZ-LOCAL default-log
set firewall ipv4 name DMZ-LOCAL rule 1 action accept
set firewall ipv4 name DMZ-LOCAL rule 1 state established
set firewall ipv4 name DMZ-LOCAL rule 2 action accept
set firewall ipv4 name DMZ-LOCAL rule 2 state related
set firewall ipv4 name DMZ-LOCAL rule 2 log
# PUBLIC is pppoe0: same allow-all exposure of the router itself as EXTERNAL-LOCAL.
set firewall ipv4 name PUBLIC-LOCAL default-action accept
set firewall ipv4 name PUBLIC-LOCAL default-log
set firewall ipv4 name PUBLIC-LOCAL rule 1 action accept
set firewall ipv4 name PUBLIC-LOCAL rule 1 state established
set firewall ipv4 name PUBLIC-LOCAL rule 2 action accept
set firewall ipv4 name PUBLIC-LOCAL rule 2 state related
set firewall ipv4 name PUBLIC-LOCAL rule 2 log
# Rulesets for traffic destined to zone MANAGE (eth0, VRF MANAGE), one per source zone.
# All seven share one shape: default-action accept with default-log, rule 1 accepts
# established (not logged), rule 2 accepts related (logged).
set firewall ipv4 name LOCAL-MANAGE default-action accept
set firewall ipv4 name LOCAL-MANAGE default-log
set firewall ipv4 name LOCAL-MANAGE rule 1 action accept
set firewall ipv4 name LOCAL-MANAGE rule 1 state established
set firewall ipv4 name LOCAL-MANAGE rule 2 action accept
set firewall ipv4 name LOCAL-MANAGE rule 2 state related
set firewall ipv4 name LOCAL-MANAGE rule 2 log
# Accepts new connections from eth1 (EXTERNAL) towards the management zone; a candidate for
# default-action drop once the allow-all baseline has served its purpose.
set firewall ipv4 name EXTERNAL-MANAGE default-action accept
set firewall ipv4 name EXTERNAL-MANAGE default-log
set firewall ipv4 name EXTERNAL-MANAGE rule 1 action accept
set firewall ipv4 name EXTERNAL-MANAGE rule 1 state established
set firewall ipv4 name EXTERNAL-MANAGE rule 2 action accept
set firewall ipv4 name EXTERNAL-MANAGE rule 2 state related
set firewall ipv4 name EXTERNAL-MANAGE rule 2 log
set firewall ipv4 name MANAGEMENT-MANAGE default-action accept
set firewall ipv4 name MANAGEMENT-MANAGE default-log
set firewall ipv4 name MANAGEMENT-MANAGE rule 1 action accept
set firewall ipv4 name MANAGEMENT-MANAGE rule 1 state established
set firewall ipv4 name MANAGEMENT-MANAGE rule 2 action accept
set firewall ipv4 name MANAGEMENT-MANAGE rule 2 state related
set firewall ipv4 name MANAGEMENT-MANAGE rule 2 log
set firewall ipv4 name CLIENT-MANAGE default-action accept
set firewall ipv4 name CLIENT-MANAGE default-log
set firewall ipv4 name CLIENT-MANAGE rule 1 action accept
set firewall ipv4 name CLIENT-MANAGE rule 1 state established
set firewall ipv4 name CLIENT-MANAGE rule 2 action accept
set firewall ipv4 name CLIENT-MANAGE rule 2 state related
set firewall ipv4 name CLIENT-MANAGE rule 2 log
set firewall ipv4 name SERVER-MANAGE default-action accept
set firewall ipv4 name SERVER-MANAGE default-log
set firewall ipv4 name SERVER-MANAGE rule 1 action accept
set firewall ipv4 name SERVER-MANAGE rule 1 state established
set firewall ipv4 name SERVER-MANAGE rule 2 action accept
set firewall ipv4 name SERVER-MANAGE rule 2 state related
set firewall ipv4 name SERVER-MANAGE rule 2 log
set firewall ipv4 name DMZ-MANAGE default-action accept
set firewall ipv4 name DMZ-MANAGE default-log
set firewall ipv4 name DMZ-MANAGE rule 1 action accept
set firewall ipv4 name DMZ-MANAGE rule 1 state established
set firewall ipv4 name DMZ-MANAGE rule 2 action accept
set firewall ipv4 name DMZ-MANAGE rule 2 state related
set firewall ipv4 name DMZ-MANAGE rule 2 log
# Accepts new connections from pppoe0 (PUBLIC) towards the management zone; same note as EXTERNAL-MANAGE.
set firewall ipv4 name PUBLIC-MANAGE default-action accept
set firewall ipv4 name PUBLIC-MANAGE default-log
set firewall ipv4 name PUBLIC-MANAGE rule 1 action accept
set firewall ipv4 name PUBLIC-MANAGE rule 1 state established
set firewall ipv4 name PUBLIC-MANAGE rule 2 action accept
set firewall ipv4 name PUBLIC-MANAGE rule 2 state related
set firewall ipv4 name PUBLIC-MANAGE rule 2 log
# Rulesets for traffic leaving towards zone EXTERNAL (eth1), one per source zone.
# Same shape throughout: default-action accept with default-log, rule 1 accepts established
# without logging, rule 2 accepts related and logs.
set firewall ipv4 name LOCAL-EXTERNAL default-action accept
set firewall ipv4 name LOCAL-EXTERNAL default-log
set firewall ipv4 name LOCAL-EXTERNAL rule 1 action accept
set firewall ipv4 name LOCAL-EXTERNAL rule 1 state established
set firewall ipv4 name LOCAL-EXTERNAL rule 2 action accept
set firewall ipv4 name LOCAL-EXTERNAL rule 2 state related
set firewall ipv4 name LOCAL-EXTERNAL rule 2 log
set firewall ipv4 name MANAGE-EXTERNAL default-action accept
set firewall ipv4 name MANAGE-EXTERNAL default-log
set firewall ipv4 name MANAGE-EXTERNAL rule 1 action accept
set firewall ipv4 name MANAGE-EXTERNAL rule 1 state established
set firewall ipv4 name MANAGE-EXTERNAL rule 2 action accept
set firewall ipv4 name MANAGE-EXTERNAL rule 2 state related
set firewall ipv4 name MANAGE-EXTERNAL rule 2 log
set firewall ipv4 name MANAGEMENT-EXTERNAL default-action accept
set firewall ipv4 name MANAGEMENT-EXTERNAL default-log
set firewall ipv4 name MANAGEMENT-EXTERNAL rule 1 action accept
set firewall ipv4 name MANAGEMENT-EXTERNAL rule 1 state established
set firewall ipv4 name MANAGEMENT-EXTERNAL rule 2 action accept
set firewall ipv4 name MANAGEMENT-EXTERNAL rule 2 state related
set firewall ipv4 name MANAGEMENT-EXTERNAL rule 2 log
set firewall ipv4 name CLIENT-EXTERNAL default-action accept
set firewall ipv4 name CLIENT-EXTERNAL default-log
set firewall ipv4 name CLIENT-EXTERNAL rule 1 action accept
set firewall ipv4 name CLIENT-EXTERNAL rule 1 state established
set firewall ipv4 name CLIENT-EXTERNAL rule 2 action accept
set firewall ipv4 name CLIENT-EXTERNAL rule 2 state related
set firewall ipv4 name CLIENT-EXTERNAL rule 2 log
set firewall ipv4 name SERVER-EXTERNAL default-action accept
set firewall ipv4 name SERVER-EXTERNAL default-log
set firewall ipv4 name SERVER-EXTERNAL rule 1 action accept
set firewall ipv4 name SERVER-EXTERNAL rule 1 state established
set firewall ipv4 name SERVER-EXTERNAL rule 2 action accept
set firewall ipv4 name SERVER-EXTERNAL rule 2 state related
set firewall ipv4 name SERVER-EXTERNAL rule 2 log
set firewall ipv4 name DMZ-EXTERNAL default-action accept
set firewall ipv4 name DMZ-EXTERNAL default-log
set firewall ipv4 name DMZ-EXTERNAL rule 1 action accept
set firewall ipv4 name DMZ-EXTERNAL rule 1 state established
set firewall ipv4 name DMZ-EXTERNAL rule 2 action accept
set firewall ipv4 name DMZ-EXTERNAL rule 2 state related
set firewall ipv4 name DMZ-EXTERNAL rule 2 log
# PUBLIC is pppoe0, whose source-interface is eth1 (EXTERNAL's member).
set firewall ipv4 name PUBLIC-EXTERNAL default-action accept
set firewall ipv4 name PUBLIC-EXTERNAL default-log
set firewall ipv4 name PUBLIC-EXTERNAL rule 1 action accept
set firewall ipv4 name PUBLIC-EXTERNAL rule 1 state established
set firewall ipv4 name PUBLIC-EXTERNAL rule 2 action accept
set firewall ipv4 name PUBLIC-EXTERNAL rule 2 state related
set firewall ipv4 name PUBLIC-EXTERNAL rule 2 log
# Rulesets for traffic destined to zone MANAGEMENT (eth2, 192.168.254.1/24), one per source zone.
# Same shape throughout: default-action accept with default-log, rule 1 accepts established
# without logging, rule 2 accepts related and logs.
set firewall ipv4 name LOCAL-MANAGEMENT default-action accept
set firewall ipv4 name LOCAL-MANAGEMENT default-log
set firewall ipv4 name LOCAL-MANAGEMENT rule 1 action accept
set firewall ipv4 name LOCAL-MANAGEMENT rule 1 state established
set firewall ipv4 name LOCAL-MANAGEMENT rule 2 action accept
set firewall ipv4 name LOCAL-MANAGEMENT rule 2 state related
set firewall ipv4 name LOCAL-MANAGEMENT rule 2 log
set firewall ipv4 name MANAGE-MANAGEMENT default-action accept
set firewall ipv4 name MANAGE-MANAGEMENT default-log
set firewall ipv4 name MANAGE-MANAGEMENT rule 1 action accept
set firewall ipv4 name MANAGE-MANAGEMENT rule 1 state established
set firewall ipv4 name MANAGE-MANAGEMENT rule 2 action accept
set firewall ipv4 name MANAGE-MANAGEMENT rule 2 state related
set firewall ipv4 name MANAGE-MANAGEMENT rule 2 log
# Accepts new connections from eth1 (EXTERNAL) into the management network; tighten first
# when moving off the allow-all baseline.
set firewall ipv4 name EXTERNAL-MANAGEMENT default-action accept
set firewall ipv4 name EXTERNAL-MANAGEMENT default-log
set firewall ipv4 name EXTERNAL-MANAGEMENT rule 1 action accept
set firewall ipv4 name EXTERNAL-MANAGEMENT rule 1 state established
set firewall ipv4 name EXTERNAL-MANAGEMENT rule 2 action accept
set firewall ipv4 name EXTERNAL-MANAGEMENT rule 2 state related
set firewall ipv4 name EXTERNAL-MANAGEMENT rule 2 log
set firewall ipv4 name CLIENT-MANAGEMENT default-action accept
set firewall ipv4 name CLIENT-MANAGEMENT default-log
set firewall ipv4 name CLIENT-MANAGEMENT rule 1 action accept
set firewall ipv4 name CLIENT-MANAGEMENT rule 1 state established
set firewall ipv4 name CLIENT-MANAGEMENT rule 2 action accept
set firewall ipv4 name CLIENT-MANAGEMENT rule 2 state related
set firewall ipv4 name CLIENT-MANAGEMENT rule 2 log
set firewall ipv4 name SERVER-MANAGEMENT default-action accept
set firewall ipv4 name SERVER-MANAGEMENT default-log
set firewall ipv4 name SERVER-MANAGEMENT rule 1 action accept
set firewall ipv4 name SERVER-MANAGEMENT rule 1 state established
set firewall ipv4 name SERVER-MANAGEMENT rule 2 action accept
set firewall ipv4 name SERVER-MANAGEMENT rule 2 state related
set firewall ipv4 name SERVER-MANAGEMENT rule 2 log
set firewall ipv4 name DMZ-MANAGEMENT default-action accept
set firewall ipv4 name DMZ-MANAGEMENT default-log
set firewall ipv4 name DMZ-MANAGEMENT rule 1 action accept
set firewall ipv4 name DMZ-MANAGEMENT rule 1 state established
set firewall ipv4 name DMZ-MANAGEMENT rule 2 action accept
set firewall ipv4 name DMZ-MANAGEMENT rule 2 state related
set firewall ipv4 name DMZ-MANAGEMENT rule 2 log
# Accepts new connections from pppoe0 (PUBLIC) into the management network; same note as EXTERNAL-MANAGEMENT.
set firewall ipv4 name PUBLIC-MANAGEMENT default-action accept
set firewall ipv4 name PUBLIC-MANAGEMENT default-log
set firewall ipv4 name PUBLIC-MANAGEMENT rule 1 action accept
set firewall ipv4 name PUBLIC-MANAGEMENT rule 1 state established
set firewall ipv4 name PUBLIC-MANAGEMENT rule 2 action accept
set firewall ipv4 name PUBLIC-MANAGEMENT rule 2 state related
set firewall ipv4 name PUBLIC-MANAGEMENT rule 2 log
# Rulesets for traffic destined to zone CLIENT, one per source zone.
# Zone CLIENT is bound to eth3, whose interface description is 'Server' (192.168.129.1/24);
# NOTE(review): confirm these rulesets protect the network the name suggests.
# Same shape throughout: default-action accept with default-log, rule 1 accepts established
# without logging, rule 2 accepts related and logs.
set firewall ipv4 name LOCAL-CLIENT default-action accept
set firewall ipv4 name LOCAL-CLIENT default-log
set firewall ipv4 name LOCAL-CLIENT rule 1 action accept
set firewall ipv4 name LOCAL-CLIENT rule 1 state established
set firewall ipv4 name LOCAL-CLIENT rule 2 action accept
set firewall ipv4 name LOCAL-CLIENT rule 2 state related
set firewall ipv4 name LOCAL-CLIENT rule 2 log
set firewall ipv4 name MANAGE-CLIENT default-action accept
set firewall ipv4 name MANAGE-CLIENT default-log
set firewall ipv4 name MANAGE-CLIENT rule 1 action accept
set firewall ipv4 name MANAGE-CLIENT rule 1 state established
set firewall ipv4 name MANAGE-CLIENT rule 2 action accept
set firewall ipv4 name MANAGE-CLIENT rule 2 state related
set firewall ipv4 name MANAGE-CLIENT rule 2 log
set firewall ipv4 name EXTERNAL-CLIENT default-action accept
set firewall ipv4 name EXTERNAL-CLIENT default-log
set firewall ipv4 name EXTERNAL-CLIENT rule 1 action accept
set firewall ipv4 name EXTERNAL-CLIENT rule 1 state established
set firewall ipv4 name EXTERNAL-CLIENT rule 2 action accept
set firewall ipv4 name EXTERNAL-CLIENT rule 2 state related
set firewall ipv4 name EXTERNAL-CLIENT rule 2 log
set firewall ipv4 name MANAGEMENT-CLIENT default-action accept
set firewall ipv4 name MANAGEMENT-CLIENT default-log
set firewall ipv4 name MANAGEMENT-CLIENT rule 1 action accept
set firewall ipv4 name MANAGEMENT-CLIENT rule 1 state established
set firewall ipv4 name MANAGEMENT-CLIENT rule 2 action accept
set firewall ipv4 name MANAGEMENT-CLIENT rule 2 state related
set firewall ipv4 name MANAGEMENT-CLIENT rule 2 log
set firewall ipv4 name SERVER-CLIENT default-action accept
set firewall ipv4 name SERVER-CLIENT default-log
set firewall ipv4 name SERVER-CLIENT rule 1 action accept
set firewall ipv4 name SERVER-CLIENT rule 1 state established
set firewall ipv4 name SERVER-CLIENT rule 2 action accept
set firewall ipv4 name SERVER-CLIENT rule 2 state related
set firewall ipv4 name SERVER-CLIENT rule 2 log
set firewall ipv4 name DMZ-CLIENT default-action accept
set firewall ipv4 name DMZ-CLIENT default-log
set firewall ipv4 name DMZ-CLIENT rule 1 action accept
set firewall ipv4 name DMZ-CLIENT rule 1 state established
set firewall ipv4 name DMZ-CLIENT rule 2 action accept
set firewall ipv4 name DMZ-CLIENT rule 2 state related
set firewall ipv4 name DMZ-CLIENT rule 2 log
set firewall ipv4 name PUBLIC-CLIENT default-action accept
set firewall ipv4 name PUBLIC-CLIENT default-log
set firewall ipv4 name PUBLIC-CLIENT rule 1 action accept
set firewall ipv4 name PUBLIC-CLIENT rule 1 state established
set firewall ipv4 name PUBLIC-CLIENT rule 2 action accept
set firewall ipv4 name PUBLIC-CLIENT rule 2 state related
set firewall ipv4 name PUBLIC-CLIENT rule 2 log
# Rulesets for traffic destined to zone SERVER, one per source zone.
# Zone SERVER is bound to eth4, whose interface description is 'Client' (192.168.130.1/24);
# NOTE(review): confirm these rulesets protect the network the name suggests.
# Same shape throughout: default-action accept with default-log, rule 1 accepts established
# without logging, rule 2 accepts related and logs.
set firewall ipv4 name LOCAL-SERVER default-action accept
set firewall ipv4 name LOCAL-SERVER default-log
set firewall ipv4 name LOCAL-SERVER rule 1 action accept
set firewall ipv4 name LOCAL-SERVER rule 1 state established
set firewall ipv4 name LOCAL-SERVER rule 2 action accept
set firewall ipv4 name LOCAL-SERVER rule 2 state related
set firewall ipv4 name LOCAL-SERVER rule 2 log
set firewall ipv4 name MANAGE-SERVER default-action accept
set firewall ipv4 name MANAGE-SERVER default-log
set firewall ipv4 name MANAGE-SERVER rule 1 action accept
set firewall ipv4 name MANAGE-SERVER rule 1 state established
set firewall ipv4 name MANAGE-SERVER rule 2 action accept
set firewall ipv4 name MANAGE-SERVER rule 2 state related
set firewall ipv4 name MANAGE-SERVER rule 2 log
set firewall ipv4 name EXTERNAL-SERVER default-action accept
set firewall ipv4 name EXTERNAL-SERVER default-log
set firewall ipv4 name EXTERNAL-SERVER rule 1 action accept
set firewall ipv4 name EXTERNAL-SERVER rule 1 state established
set firewall ipv4 name EXTERNAL-SERVER rule 2 action accept
set firewall ipv4 name EXTERNAL-SERVER rule 2 state related
set firewall ipv4 name EXTERNAL-SERVER rule 2 log
set firewall ipv4 name MANAGEMENT-SERVER default-action accept
set firewall ipv4 name MANAGEMENT-SERVER default-log
set firewall ipv4 name MANAGEMENT-SERVER rule 1 action accept
set firewall ipv4 name MANAGEMENT-SERVER rule 1 state established
set firewall ipv4 name MANAGEMENT-SERVER rule 2 action accept
set firewall ipv4 name MANAGEMENT-SERVER rule 2 state related
set firewall ipv4 name MANAGEMENT-SERVER rule 2 log
set firewall ipv4 name CLIENT-SERVER default-action accept
set firewall ipv4 name CLIENT-SERVER default-log
set firewall ipv4 name CLIENT-SERVER rule 1 action accept
set firewall ipv4 name CLIENT-SERVER rule 1 state established
set firewall ipv4 name CLIENT-SERVER rule 2 action accept
set firewall ipv4 name CLIENT-SERVER rule 2 state related
set firewall ipv4 name CLIENT-SERVER rule 2 log
set firewall ipv4 name DMZ-SERVER default-action accept
set firewall ipv4 name DMZ-SERVER default-log
set firewall ipv4 name DMZ-SERVER rule 1 action accept
set firewall ipv4 name DMZ-SERVER rule 1 state established
set firewall ipv4 name DMZ-SERVER rule 2 action accept
set firewall ipv4 name DMZ-SERVER rule 2 state related
set firewall ipv4 name DMZ-SERVER rule 2 log
set firewall ipv4 name PUBLIC-SERVER default-action accept
set firewall ipv4 name PUBLIC-SERVER default-log
set firewall ipv4 name PUBLIC-SERVER rule 1 action accept
set firewall ipv4 name PUBLIC-SERVER rule 1 state established
set firewall ipv4 name PUBLIC-SERVER rule 2 action accept
set firewall ipv4 name PUBLIC-SERVER rule 2 state related
set firewall ipv4 name PUBLIC-SERVER rule 2 log
# Rulesets for traffic destined to zone DMZ (eth5, 192.168.131.1/24, VRF PUBLIC), one per source zone.
# Same shape throughout: default-action accept with default-log, rule 1 accepts established
# without logging, rule 2 accepts related and logs.
set firewall ipv4 name LOCAL-DMZ default-action accept
set firewall ipv4 name LOCAL-DMZ default-log
set firewall ipv4 name LOCAL-DMZ rule 1 action accept
set firewall ipv4 name LOCAL-DMZ rule 1 state established
set firewall ipv4 name LOCAL-DMZ rule 2 action accept
set firewall ipv4 name LOCAL-DMZ rule 2 state related
set firewall ipv4 name LOCAL-DMZ rule 2 log
set firewall ipv4 name MANAGE-DMZ default-action accept
set firewall ipv4 name MANAGE-DMZ default-log
set firewall ipv4 name MANAGE-DMZ rule 1 action accept
set firewall ipv4 name MANAGE-DMZ rule 1 state established
set firewall ipv4 name MANAGE-DMZ rule 2 action accept
set firewall ipv4 name MANAGE-DMZ rule 2 state related
set firewall ipv4 name MANAGE-DMZ rule 2 log
set firewall ipv4 name EXTERNAL-DMZ default-action accept
set firewall ipv4 name EXTERNAL-DMZ default-log
set firewall ipv4 name EXTERNAL-DMZ rule 1 action accept
set firewall ipv4 name EXTERNAL-DMZ rule 1 state established
set firewall ipv4 name EXTERNAL-DMZ rule 2 action accept
set firewall ipv4 name EXTERNAL-DMZ rule 2 state related
set firewall ipv4 name EXTERNAL-DMZ rule 2 log
set firewall ipv4 name MANAGEMENT-DMZ default-action accept
set firewall ipv4 name MANAGEMENT-DMZ default-log
set firewall ipv4 name MANAGEMENT-DMZ rule 1 action accept
set firewall ipv4 name MANAGEMENT-DMZ rule 1 state established
set firewall ipv4 name MANAGEMENT-DMZ rule 2 action accept
set firewall ipv4 name MANAGEMENT-DMZ rule 2 state related
set firewall ipv4 name MANAGEMENT-DMZ rule 2 log
set firewall ipv4 name CLIENT-DMZ default-action accept
set firewall ipv4 name CLIENT-DMZ default-log
set firewall ipv4 name CLIENT-DMZ rule 1 action accept
set firewall ipv4 name CLIENT-DMZ rule 1 state established
set firewall ipv4 name CLIENT-DMZ rule 2 action accept
set firewall ipv4 name CLIENT-DMZ rule 2 state related
set firewall ipv4 name CLIENT-DMZ rule 2 log
set firewall ipv4 name SERVER-DMZ default-action accept
set firewall ipv4 name SERVER-DMZ default-log
set firewall ipv4 name SERVER-DMZ rule 1 action accept
set firewall ipv4 name SERVER-DMZ rule 1 state established
set firewall ipv4 name SERVER-DMZ rule 2 action accept
set firewall ipv4 name SERVER-DMZ rule 2 state related
set firewall ipv4 name SERVER-DMZ rule 2 log
# pppoe0 (PUBLIC) -> eth5 (DMZ): the pair the thread reports as not working, and presumably
# the one the tcp/80 and tcp/443 destination-NAT traffic to 192.168.131.9 traverses — verify.
# Once connectivity is confirmed, this is where to restrict inbound traffic to the
# forwarded ports instead of default-action accept.
set firewall ipv4 name PUBLIC-DMZ default-action accept
set firewall ipv4 name PUBLIC-DMZ default-log
set firewall ipv4 name PUBLIC-DMZ rule 1 action accept
set firewall ipv4 name PUBLIC-DMZ rule 1 state established
set firewall ipv4 name PUBLIC-DMZ rule 2 action accept
set firewall ipv4 name PUBLIC-DMZ rule 2 state related
set firewall ipv4 name PUBLIC-DMZ rule 2 log
# Rulesets for traffic leaving towards zone PUBLIC (pppoe0, VRF PUBLIC), one per source zone.
# Same shape throughout: default-action accept with default-log, rule 1 accepts established
# without logging, rule 2 accepts related and logs.
set firewall ipv4 name LOCAL-PUBLIC default-action accept
set firewall ipv4 name LOCAL-PUBLIC default-log
set firewall ipv4 name LOCAL-PUBLIC rule 1 action accept
set firewall ipv4 name LOCAL-PUBLIC rule 1 state established
set firewall ipv4 name LOCAL-PUBLIC rule 2 action accept
set firewall ipv4 name LOCAL-PUBLIC rule 2 state related
set firewall ipv4 name LOCAL-PUBLIC rule 2 log
set firewall ipv4 name MANAGE-PUBLIC default-action accept
set firewall ipv4 name MANAGE-PUBLIC default-log
set firewall ipv4 name MANAGE-PUBLIC rule 1 action accept
set firewall ipv4 name MANAGE-PUBLIC rule 1 state established
set firewall ipv4 name MANAGE-PUBLIC rule 2 action accept
set firewall ipv4 name MANAGE-PUBLIC rule 2 state related
set firewall ipv4 name MANAGE-PUBLIC rule 2 log
set firewall ipv4 name EXTERNAL-PUBLIC default-action accept
set firewall ipv4 name EXTERNAL-PUBLIC default-log
set firewall ipv4 name EXTERNAL-PUBLIC rule 1 action accept
set firewall ipv4 name EXTERNAL-PUBLIC rule 1 state established
set firewall ipv4 name EXTERNAL-PUBLIC rule 2 action accept
set firewall ipv4 name EXTERNAL-PUBLIC rule 2 state related
set firewall ipv4 name EXTERNAL-PUBLIC rule 2 log
set firewall ipv4 name MANAGEMENT-PUBLIC default-action accept
set firewall ipv4 name MANAGEMENT-PUBLIC default-log
set firewall ipv4 name MANAGEMENT-PUBLIC rule 1 action accept
set firewall ipv4 name MANAGEMENT-PUBLIC rule 1 state established
set firewall ipv4 name MANAGEMENT-PUBLIC rule 2 action accept
set firewall ipv4 name MANAGEMENT-PUBLIC rule 2 state related
set firewall ipv4 name MANAGEMENT-PUBLIC rule 2 log
set firewall ipv4 name CLIENT-PUBLIC default-action accept
set firewall ipv4 name CLIENT-PUBLIC default-log
set firewall ipv4 name CLIENT-PUBLIC rule 1 action accept
set firewall ipv4 name CLIENT-PUBLIC rule 1 state established
set firewall ipv4 name CLIENT-PUBLIC rule 2 action accept
set firewall ipv4 name CLIENT-PUBLIC rule 2 state related
set firewall ipv4 name CLIENT-PUBLIC rule 2 log
set firewall ipv4 name SERVER-PUBLIC default-action accept
set firewall ipv4 name SERVER-PUBLIC default-log
set firewall ipv4 name SERVER-PUBLIC rule 1 action accept
set firewall ipv4 name SERVER-PUBLIC rule 1 state established
set firewall ipv4 name SERVER-PUBLIC rule 2 action accept
set firewall ipv4 name SERVER-PUBLIC rule 2 state related
set firewall ipv4 name SERVER-PUBLIC rule 2 log
# eth5 (DMZ) -> pppoe0 (PUBLIC): the return direction for the published 192.168.131.9 host.
# Replies on existing connections match rule 1 and are therefore never logged.
set firewall ipv4 name DMZ-PUBLIC default-action accept
set firewall ipv4 name DMZ-PUBLIC default-log
set firewall ipv4 name DMZ-PUBLIC rule 1 action accept
set firewall ipv4 name DMZ-PUBLIC rule 1 state established
set firewall ipv4 name DMZ-PUBLIC rule 2 action accept
set firewall ipv4 name DMZ-PUBLIC rule 2 state related
set firewall ipv4 name DMZ-PUBLIC rule 2 log
I don’t see anything odd standing out looking at the ruleset. Initially thought you might have missed the pppoe interface in the zone config but I see it’s there. Are your pppoe and eth5 interfaces up/working?
Yes, both the pppoe and eth5 interfaces are up and working. Everything functions as intended until I add the firewall configuration to VyOS and commit it. If I use commit-confirm to apply the changes, the system becomes unresponsive, and after the specified number of minutes VyOS reverts to the previous configuration.
The version of VyOS I am using is somewhat outdated. If it appears that there are no specific issues with the firewall configuration, I’m considering rebuilding it now and updating the image.
Also, if an interface is part of a non-default VRF, try using that VRF in the zone definition (the `<vrf>` completion shown below):
vyos@14# set firewall zone FOO interface
Possible completions:
<text> Interface associated with zone
<vrf> VRF associated with zone
eth0
eth1
eth2
eth3
lo
[edit]
vyos@14# set firewall zone FOO interface BAR
Of course, replace FOO and BAR with the appropriate zone name and VRF name.
I greatly appreciate the insights regarding the issue.
After adding rules comprehensively, including VRF as shown in the configuration at the end, all communications now work without any problems.
However, when I run `sh log firewall`, only traffic involving the LOCAL zone is logged (`sh log firewall | grep -v LOCAL` displays nothing), even though there is traffic between the DMZ and INTERROUTER zones.
Am I missing something here?
Any guidance or suggestions on this matter would be greatly appreciated. Thank you for your support.
set interfaces ethernet eth0 address '192.168.254.6/24'
set interfaces ethernet eth0 description 'ManagementInterface'
set interfaces ethernet eth0 vrf 'MANAGE-VRF'
set interfaces ethernet eth1 address 'dhcp'
set interfaces ethernet eth1 description 'External'
set interfaces ethernet eth1 vrf 'BACKBONE-VRF'
set interfaces ethernet eth2 address '192.168.0.2/24'
set interfaces ethernet eth2 description 'to router1'
set interfaces ethernet eth3 address '192.168.131.1/24'
set interfaces ethernet eth3 description 'DMZ'
set interfaces ethernet eth4 disable
set interfaces ethernet eth5 disable
set interfaces ethernet eth6 disable
set interfaces ethernet eth7 disable
set interfaces ethernet eth8 disable
set interfaces ethernet eth9 disable
set interfaces loopback lo
set interfaces pppoe pppoe0 authentication password 'password'
set interfaces pppoe pppoe0 authentication username '[email protected]'
set interfaces pppoe pppoe0 description 'Public'
set interfaces pppoe pppoe0 ip adjust-mss '1414'
set interfaces pppoe pppoe0 source-interface 'eth1'
set nat destination rule 1 destination port '80'
set nat destination rule 1 inbound-interface name 'pppoe0'
set nat destination rule 1 protocol 'tcp'
set nat destination rule 1 translation address '192.168.131.9'
set nat destination rule 2 destination port '443'
set nat destination rule 2 inbound-interface name 'pppoe0'
set nat destination rule 2 protocol 'tcp'
set nat destination rule 2 translation address '192.168.131.9'
set nat destination rule 3 destination port '34084'
set nat destination rule 3 inbound-interface name 'pppoe0'
set nat destination rule 3 protocol 'tcp'
set nat destination rule 3 translation address '192.168.131.9'
set nat source rule 100 outbound-interface name 'pppoe0'
set nat source rule 100 translation address 'masquerade'
set protocols static route 10.0.0.0/8 blackhole
set protocols static route 172.16.0.0/12 blackhole
set protocols static route 192.168.0.0/16 blackhole
set protocols static route 192.168.129.0/24 next-hop 192.168.0.1
set protocols static route 192.168.130.0/24 next-hop 192.168.0.1
set service ntp server ntp.nict.jp
set service ssh vrf 'MANAGE-VRF'
set system config-management commit-revisions '100'
set system conntrack modules ftp
set system conntrack modules h323
set system conntrack modules nfs
set system conntrack modules pptp
set system conntrack modules sip
set system conntrack modules sqlnet
set system conntrack modules tftp
set system console device ttyS0 speed '115200'
set system syslog global facility all level 'info'
set system syslog global facility local7 level 'debug'
set system time-zone 'Asia/Tokyo'
set vrf name BACKBONE-VRF table '200'
set vrf name MANAGE-VRF protocols static route 0.0.0.0/0 next-hop 192.168.254.1
set vrf name MANAGE-VRF table '100'
set firewall zone BACKBONE-VRF default-log
set firewall zone BACKBONE-VRF from DMZ firewall name 'DMZ-to-BACKBONE-VRF'
set firewall zone BACKBONE-VRF from EXTERNAL firewall name 'EXTERNAL-to-BACKBONE-VRF'
set firewall zone BACKBONE-VRF from INTERROUTER firewall name 'INTERROUTER-to-BACKBONE-VRF'
set firewall zone BACKBONE-VRF from LOCAL firewall name 'LOCAL-to-BACKBONE-VRF'
set firewall zone BACKBONE-VRF from MANAGE firewall name 'MANAGE-to-BACKBONE-VRF'
set firewall zone BACKBONE-VRF from MANAGE-VRF firewall name 'MANAGE-VRF-to-BACKBONE-VRF'
set firewall zone BACKBONE-VRF from PUBLIC firewall name 'PUBLIC-to-BACKBONE-VRF'
set firewall zone BACKBONE-VRF interface 'BACKBONE-VRF'
set firewall zone DMZ default-log
set firewall zone DMZ from BACKBONE-VRF firewall name 'BACKBONE-VRF-to-DMZ'
set firewall zone DMZ from EXTERNAL firewall name 'EXTERNAL-to-DMZ'
set firewall zone DMZ from INTERROUTER firewall name 'INTERROUTER-to-DMZ'
set firewall zone DMZ from LOCAL firewall name 'LOCAL-to-DMZ'
set firewall zone DMZ from MANAGE firewall name 'MANAGE-to-DMZ'
set firewall zone DMZ from MANAGE-VRF firewall name 'MANAGE-VRF-to-DMZ'
set firewall zone DMZ from PUBLIC firewall name 'PUBLIC-to-DMZ'
set firewall zone DMZ interface 'eth3'
set firewall zone EXTERNAL default-log
set firewall zone EXTERNAL from BACKBONE-VRF firewall name 'BACKBONE-VRF-to-EXTERNAL'
set firewall zone EXTERNAL from DMZ firewall name 'DMZ-to-EXTERNAL'
set firewall zone EXTERNAL from INTERROUTER firewall name 'INTERROUTER-to-EXTERNAL'
set firewall zone EXTERNAL from LOCAL firewall name 'LOCAL-to-EXTERNAL'
set firewall zone EXTERNAL from MANAGE firewall name 'MANAGE-to-EXTERNAL'
set firewall zone EXTERNAL from MANAGE-VRF firewall name 'MANAGE-VRF-to-EXTERNAL'
set firewall zone EXTERNAL from PUBLIC firewall name 'PUBLIC-to-EXTERNAL'
set firewall zone EXTERNAL interface 'eth1'
set firewall zone INTERROUTER default-log
set firewall zone INTERROUTER from BACKBONE-VRF firewall name 'BACKBONE-VRF-to-INTERROUTER'
set firewall zone INTERROUTER from DMZ firewall name 'DMZ-to-INTERROUTER'
set firewall zone INTERROUTER from EXTERNAL firewall name 'EXTERNAL-to-INTERROUTER'
set firewall zone INTERROUTER from LOCAL firewall name 'LOCAL-to-INTERROUTER'
set firewall zone INTERROUTER from MANAGE firewall name 'MANAGE-to-INTERROUTER'
set firewall zone INTERROUTER from MANAGE-VRF firewall name 'MANAGE-VRF-to-INTERROUTER'
set firewall zone INTERROUTER from PUBLIC firewall name 'PUBLIC-to-INTERROUTER'
set firewall zone INTERROUTER interface 'eth2'
set firewall zone LOCAL default-log
set firewall zone LOCAL from BACKBONE-VRF firewall name 'BACKBONE-VRF-to-LOCAL'
set firewall zone LOCAL from DMZ firewall name 'DMZ-to-LOCAL'
set firewall zone LOCAL from EXTERNAL firewall name 'EXTERNAL-to-LOCAL'
set firewall zone LOCAL from INTERROUTER firewall name 'INTERROUTER-to-LOCAL'
set firewall zone LOCAL from MANAGE firewall name 'MANAGE-to-LOCAL'
set firewall zone LOCAL from MANAGE-VRF firewall name 'MANAGE-VRF-to-LOCAL'
set firewall zone LOCAL from PUBLIC firewall name 'PUBLIC-to-LOCAL'
set firewall zone LOCAL local-zone
set firewall zone MANAGE default-log
set firewall zone MANAGE from BACKBONE-VRF firewall name 'BACKBONE-VRF-to-MANAGE'
set firewall zone MANAGE from DMZ firewall name 'DMZ-to-MANAGE'
set firewall zone MANAGE from EXTERNAL firewall name 'EXTERNAL-to-MANAGE'
set firewall zone MANAGE from INTERROUTER firewall name 'INTERROUTER-to-MANAGE'
set firewall zone MANAGE from LOCAL firewall name 'LOCAL-to-MANAGE'
set firewall zone MANAGE from MANAGE-VRF firewall name 'MANAGE-VRF-to-MANAGE'
set firewall zone MANAGE from PUBLIC firewall name 'PUBLIC-to-MANAGE'
set firewall zone MANAGE interface 'eth0'
set firewall zone MANAGE-VRF default-log
set firewall zone MANAGE-VRF from BACKBONE-VRF firewall name 'BACKBONE-VRF-to-MANAGE-VRF'
set firewall zone MANAGE-VRF from DMZ firewall name 'DMZ-to-MANAGE-VRF'
set firewall zone MANAGE-VRF from EXTERNAL firewall name 'EXTERNAL-to-MANAGE-VRF'
set firewall zone MANAGE-VRF from INTERROUTER firewall name 'INTERROUTER-to-MANAGE-VRF'
set firewall zone MANAGE-VRF from LOCAL firewall name 'LOCAL-to-MANAGE-VRF'
set firewall zone MANAGE-VRF from MANAGE firewall name 'MANAGE-to-MANAGE-VRF'
set firewall zone MANAGE-VRF from PUBLIC firewall name 'PUBLIC-to-MANAGE-VRF'
set firewall zone MANAGE-VRF interface 'MANAGE-VRF'
set firewall zone PUBLIC default-log
set firewall zone PUBLIC from BACKBONE-VRF firewall name 'BACKBONE-VRF-to-PUBLIC'
set firewall zone PUBLIC from DMZ firewall name 'DMZ-to-PUBLIC'
set firewall zone PUBLIC from EXTERNAL firewall name 'EXTERNAL-to-PUBLIC'
set firewall zone PUBLIC from INTERROUTER firewall name 'INTERROUTER-to-PUBLIC'
set firewall zone PUBLIC from LOCAL firewall name 'LOCAL-to-PUBLIC'
set firewall zone PUBLIC from MANAGE firewall name 'MANAGE-to-PUBLIC'
set firewall zone PUBLIC from MANAGE-VRF firewall name 'MANAGE-VRF-to-PUBLIC'
set firewall zone PUBLIC interface 'pppoe0'
set firewall ipv4 name BACKBONE-VRF-to-DMZ default-action 'accept'
set firewall ipv4 name BACKBONE-VRF-to-DMZ default-log
set firewall ipv4 name BACKBONE-VRF-to-DMZ rule 1 action 'accept'
set firewall ipv4 name BACKBONE-VRF-to-DMZ rule 1 state 'established'
set firewall ipv4 name BACKBONE-VRF-to-DMZ rule 2 action 'accept'
set firewall ipv4 name BACKBONE-VRF-to-DMZ rule 2 log
set firewall ipv4 name BACKBONE-VRF-to-DMZ rule 2 state 'related'
set firewall ipv4 name BACKBONE-VRF-to-EXTERNAL default-action 'accept'
set firewall ipv4 name BACKBONE-VRF-to-EXTERNAL default-log
set firewall ipv4 name BACKBONE-VRF-to-EXTERNAL rule 1 action 'accept'
set firewall ipv4 name BACKBONE-VRF-to-EXTERNAL rule 1 state 'established'
set firewall ipv4 name BACKBONE-VRF-to-EXTERNAL rule 2 action 'accept'
set firewall ipv4 name BACKBONE-VRF-to-EXTERNAL rule 2 log
set firewall ipv4 name BACKBONE-VRF-to-EXTERNAL rule 2 state 'related'
set firewall ipv4 name BACKBONE-VRF-to-INTERROUTER default-action 'accept'
set firewall ipv4 name BACKBONE-VRF-to-INTERROUTER default-log
set firewall ipv4 name BACKBONE-VRF-to-INTERROUTER rule 1 action 'accept'
set firewall ipv4 name BACKBONE-VRF-to-INTERROUTER rule 1 state 'established'
set firewall ipv4 name BACKBONE-VRF-to-INTERROUTER rule 2 action 'accept'
set firewall ipv4 name BACKBONE-VRF-to-INTERROUTER rule 2 log
set firewall ipv4 name BACKBONE-VRF-to-INTERROUTER rule 2 state 'related'
set firewall ipv4 name BACKBONE-VRF-to-LOCAL default-action 'accept'
set firewall ipv4 name BACKBONE-VRF-to-LOCAL default-log
set firewall ipv4 name BACKBONE-VRF-to-LOCAL rule 1 action 'accept'
set firewall ipv4 name BACKBONE-VRF-to-LOCAL rule 1 state 'established'
set firewall ipv4 name BACKBONE-VRF-to-LOCAL rule 2 action 'accept'
set firewall ipv4 name BACKBONE-VRF-to-LOCAL rule 2 log
set firewall ipv4 name BACKBONE-VRF-to-LOCAL rule 2 state 'related'
set firewall ipv4 name BACKBONE-VRF-to-MANAGE default-action 'accept'
set firewall ipv4 name BACKBONE-VRF-to-MANAGE default-log
set firewall ipv4 name BACKBONE-VRF-to-MANAGE rule 1 action 'accept'
set firewall ipv4 name BACKBONE-VRF-to-MANAGE rule 1 state 'established'
set firewall ipv4 name BACKBONE-VRF-to-MANAGE rule 2 action 'accept'
set firewall ipv4 name BACKBONE-VRF-to-MANAGE rule 2 log
set firewall ipv4 name BACKBONE-VRF-to-MANAGE rule 2 state 'related'
set firewall ipv4 name BACKBONE-VRF-to-MANAGE-VRF default-action 'accept'
set firewall ipv4 name BACKBONE-VRF-to-MANAGE-VRF default-log
set firewall ipv4 name BACKBONE-VRF-to-MANAGE-VRF rule 1 action 'accept'
set firewall ipv4 name BACKBONE-VRF-to-MANAGE-VRF rule 1 state 'established'
set firewall ipv4 name BACKBONE-VRF-to-MANAGE-VRF rule 2 action 'accept'
set firewall ipv4 name BACKBONE-VRF-to-MANAGE-VRF rule 2 log
set firewall ipv4 name BACKBONE-VRF-to-MANAGE-VRF rule 2 state 'related'
set firewall ipv4 name BACKBONE-VRF-to-PUBLIC default-action 'accept'
set firewall ipv4 name BACKBONE-VRF-to-PUBLIC default-log
set firewall ipv4 name BACKBONE-VRF-to-PUBLIC rule 1 action 'accept'
set firewall ipv4 name BACKBONE-VRF-to-PUBLIC rule 1 state 'established'
set firewall ipv4 name BACKBONE-VRF-to-PUBLIC rule 2 action 'accept'
set firewall ipv4 name BACKBONE-VRF-to-PUBLIC rule 2 log
set firewall ipv4 name BACKBONE-VRF-to-PUBLIC rule 2 state 'related'
set firewall ipv4 name DMZ-to-BACKBONE-VRF default-action 'accept'
set firewall ipv4 name DMZ-to-BACKBONE-VRF default-log
set firewall ipv4 name DMZ-to-BACKBONE-VRF rule 1 action 'accept'
set firewall ipv4 name DMZ-to-BACKBONE-VRF rule 1 state 'established'
set firewall ipv4 name DMZ-to-BACKBONE-VRF rule 2 action 'accept'
set firewall ipv4 name DMZ-to-BACKBONE-VRF rule 2 log
set firewall ipv4 name DMZ-to-BACKBONE-VRF rule 2 state 'related'
set firewall ipv4 name DMZ-to-EXTERNAL default-action 'accept'
set firewall ipv4 name DMZ-to-EXTERNAL default-log
set firewall ipv4 name DMZ-to-EXTERNAL rule 1 action 'accept'
set firewall ipv4 name DMZ-to-EXTERNAL rule 1 state 'established'
set firewall ipv4 name DMZ-to-EXTERNAL rule 2 action 'accept'
set firewall ipv4 name DMZ-to-EXTERNAL rule 2 log
set firewall ipv4 name DMZ-to-EXTERNAL rule 2 state 'related'
set firewall ipv4 name DMZ-to-INTERROUTER default-action 'accept'
set firewall ipv4 name DMZ-to-INTERROUTER default-log
set firewall ipv4 name DMZ-to-INTERROUTER rule 1 action 'accept'
set firewall ipv4 name DMZ-to-INTERROUTER rule 1 state 'established'
set firewall ipv4 name DMZ-to-INTERROUTER rule 2 action 'accept'
set firewall ipv4 name DMZ-to-INTERROUTER rule 2 log
set firewall ipv4 name DMZ-to-INTERROUTER rule 2 state 'related'
set firewall ipv4 name DMZ-to-LOCAL default-action 'accept'
set firewall ipv4 name DMZ-to-LOCAL default-log
set firewall ipv4 name DMZ-to-LOCAL rule 1 action 'accept'
set firewall ipv4 name DMZ-to-LOCAL rule 1 state 'established'
set firewall ipv4 name DMZ-to-LOCAL rule 2 action 'accept'
set firewall ipv4 name DMZ-to-LOCAL rule 2 log
set firewall ipv4 name DMZ-to-LOCAL rule 2 state 'related'
set firewall ipv4 name DMZ-to-MANAGE default-action 'accept'
set firewall ipv4 name DMZ-to-MANAGE default-log
set firewall ipv4 name DMZ-to-MANAGE rule 1 action 'accept'
set firewall ipv4 name DMZ-to-MANAGE rule 1 state 'established'
set firewall ipv4 name DMZ-to-MANAGE rule 2 action 'accept'
set firewall ipv4 name DMZ-to-MANAGE rule 2 log
set firewall ipv4 name DMZ-to-MANAGE rule 2 state 'related'
set firewall ipv4 name DMZ-to-MANAGE-VRF default-action 'accept'
set firewall ipv4 name DMZ-to-MANAGE-VRF default-log
set firewall ipv4 name DMZ-to-MANAGE-VRF rule 1 action 'accept'
set firewall ipv4 name DMZ-to-MANAGE-VRF rule 1 state 'established'
set firewall ipv4 name DMZ-to-MANAGE-VRF rule 2 action 'accept'
set firewall ipv4 name DMZ-to-MANAGE-VRF rule 2 log
set firewall ipv4 name DMZ-to-MANAGE-VRF rule 2 state 'related'
set firewall ipv4 name DMZ-to-PUBLIC default-action 'accept'
set firewall ipv4 name DMZ-to-PUBLIC default-log
set firewall ipv4 name DMZ-to-PUBLIC rule 1 action 'accept'
set firewall ipv4 name DMZ-to-PUBLIC rule 1 state 'established'
set firewall ipv4 name DMZ-to-PUBLIC rule 2 action 'accept'
set firewall ipv4 name DMZ-to-PUBLIC rule 2 log
set firewall ipv4 name DMZ-to-PUBLIC rule 2 state 'related'
set firewall ipv4 name EXTERNAL-to-BACKBONE-VRF default-action 'accept'
set firewall ipv4 name EXTERNAL-to-BACKBONE-VRF default-log
set firewall ipv4 name EXTERNAL-to-BACKBONE-VRF rule 1 action 'accept'
set firewall ipv4 name EXTERNAL-to-BACKBONE-VRF rule 1 state 'established'
set firewall ipv4 name EXTERNAL-to-BACKBONE-VRF rule 2 action 'accept'
set firewall ipv4 name EXTERNAL-to-BACKBONE-VRF rule 2 log
set firewall ipv4 name EXTERNAL-to-BACKBONE-VRF rule 2 state 'related'
set firewall ipv4 name EXTERNAL-to-DMZ default-action 'accept'
set firewall ipv4 name EXTERNAL-to-DMZ default-log
set firewall ipv4 name EXTERNAL-to-DMZ rule 1 action 'accept'
set firewall ipv4 name EXTERNAL-to-DMZ rule 1 state 'established'
set firewall ipv4 name EXTERNAL-to-DMZ rule 2 action 'accept'
set firewall ipv4 name EXTERNAL-to-DMZ rule 2 log
set firewall ipv4 name EXTERNAL-to-DMZ rule 2 state 'related'
set firewall ipv4 name EXTERNAL-to-INTERROUTER default-action 'accept'
set firewall ipv4 name EXTERNAL-to-INTERROUTER default-log
set firewall ipv4 name EXTERNAL-to-INTERROUTER rule 1 action 'accept'
set firewall ipv4 name EXTERNAL-to-INTERROUTER rule 1 state 'established'
set firewall ipv4 name EXTERNAL-to-INTERROUTER rule 2 action 'accept'
set firewall ipv4 name EXTERNAL-to-INTERROUTER rule 2 log
set firewall ipv4 name EXTERNAL-to-INTERROUTER rule 2 state 'related'
set firewall ipv4 name EXTERNAL-to-LOCAL default-action 'accept'
set firewall ipv4 name EXTERNAL-to-LOCAL default-log
set firewall ipv4 name EXTERNAL-to-LOCAL rule 1 action 'accept'
set firewall ipv4 name EXTERNAL-to-LOCAL rule 1 state 'established'
set firewall ipv4 name EXTERNAL-to-LOCAL rule 2 action 'accept'
set firewall ipv4 name EXTERNAL-to-LOCAL rule 2 log
set firewall ipv4 name EXTERNAL-to-LOCAL rule 2 state 'related'
set firewall ipv4 name EXTERNAL-to-MANAGE default-action 'accept'
set firewall ipv4 name EXTERNAL-to-MANAGE default-log
set firewall ipv4 name EXTERNAL-to-MANAGE rule 1 action 'accept'
set firewall ipv4 name EXTERNAL-to-MANAGE rule 1 state 'established'
set firewall ipv4 name EXTERNAL-to-MANAGE rule 2 action 'accept'
set firewall ipv4 name EXTERNAL-to-MANAGE rule 2 log
set firewall ipv4 name EXTERNAL-to-MANAGE rule 2 state 'related'
set firewall ipv4 name EXTERNAL-to-MANAGE-VRF default-action 'accept'
set firewall ipv4 name EXTERNAL-to-MANAGE-VRF default-log
set firewall ipv4 name EXTERNAL-to-MANAGE-VRF rule 1 action 'accept'
set firewall ipv4 name EXTERNAL-to-MANAGE-VRF rule 1 state 'established'
set firewall ipv4 name EXTERNAL-to-MANAGE-VRF rule 2 action 'accept'
set firewall ipv4 name EXTERNAL-to-MANAGE-VRF rule 2 log
set firewall ipv4 name EXTERNAL-to-MANAGE-VRF rule 2 state 'related'
set firewall ipv4 name EXTERNAL-to-PUBLIC default-action 'accept'
set firewall ipv4 name EXTERNAL-to-PUBLIC default-log
set firewall ipv4 name EXTERNAL-to-PUBLIC rule 1 action 'accept'
set firewall ipv4 name EXTERNAL-to-PUBLIC rule 1 state 'established'
set firewall ipv4 name EXTERNAL-to-PUBLIC rule 2 action 'accept'
set firewall ipv4 name EXTERNAL-to-PUBLIC rule 2 log
set firewall ipv4 name EXTERNAL-to-PUBLIC rule 2 state 'related'
set firewall ipv4 name INTERROUTER-to-BACKBONE-VRF default-action 'accept'
set firewall ipv4 name INTERROUTER-to-BACKBONE-VRF default-log
set firewall ipv4 name INTERROUTER-to-BACKBONE-VRF rule 1 action 'accept'
set firewall ipv4 name INTERROUTER-to-BACKBONE-VRF rule 1 state 'established'
set firewall ipv4 name INTERROUTER-to-BACKBONE-VRF rule 2 action 'accept'
set firewall ipv4 name INTERROUTER-to-BACKBONE-VRF rule 2 log
set firewall ipv4 name INTERROUTER-to-BACKBONE-VRF rule 2 state 'related'
set firewall ipv4 name INTERROUTER-to-DMZ default-action 'accept'
set firewall ipv4 name INTERROUTER-to-DMZ default-log
set firewall ipv4 name INTERROUTER-to-DMZ rule 1 action 'accept'
set firewall ipv4 name INTERROUTER-to-DMZ rule 1 state 'established'
set firewall ipv4 name INTERROUTER-to-DMZ rule 2 action 'accept'
set firewall ipv4 name INTERROUTER-to-DMZ rule 2 log
set firewall ipv4 name INTERROUTER-to-DMZ rule 2 state 'related'
set firewall ipv4 name INTERROUTER-to-EXTERNAL default-action 'accept'
set firewall ipv4 name INTERROUTER-to-EXTERNAL default-log
set firewall ipv4 name INTERROUTER-to-EXTERNAL rule 1 action 'accept'
set firewall ipv4 name INTERROUTER-to-EXTERNAL rule 1 state 'established'
set firewall ipv4 name INTERROUTER-to-EXTERNAL rule 2 action 'accept'
set firewall ipv4 name INTERROUTER-to-EXTERNAL rule 2 log
set firewall ipv4 name INTERROUTER-to-EXTERNAL rule 2 state 'related'
set firewall ipv4 name INTERROUTER-to-LOCAL default-action 'accept'
set firewall ipv4 name INTERROUTER-to-LOCAL default-log
set firewall ipv4 name INTERROUTER-to-LOCAL rule 1 action 'accept'
set firewall ipv4 name INTERROUTER-to-LOCAL rule 1 state 'established'
set firewall ipv4 name INTERROUTER-to-LOCAL rule 2 action 'accept'
set firewall ipv4 name INTERROUTER-to-LOCAL rule 2 log
set firewall ipv4 name INTERROUTER-to-LOCAL rule 2 state 'related'
set firewall ipv4 name INTERROUTER-to-MANAGE default-action 'accept'
set firewall ipv4 name INTERROUTER-to-MANAGE default-log
set firewall ipv4 name INTERROUTER-to-MANAGE rule 1 action 'accept'
set firewall ipv4 name INTERROUTER-to-MANAGE rule 1 state 'established'
set firewall ipv4 name INTERROUTER-to-MANAGE rule 2 action 'accept'
set firewall ipv4 name INTERROUTER-to-MANAGE rule 2 log
set firewall ipv4 name INTERROUTER-to-MANAGE rule 2 state 'related'
set firewall ipv4 name INTERROUTER-to-MANAGE-VRF default-action 'accept'
set firewall ipv4 name INTERROUTER-to-MANAGE-VRF default-log
set firewall ipv4 name INTERROUTER-to-MANAGE-VRF rule 1 action 'accept'
set firewall ipv4 name INTERROUTER-to-MANAGE-VRF rule 1 state 'established'
set firewall ipv4 name INTERROUTER-to-MANAGE-VRF rule 2 action 'accept'
set firewall ipv4 name INTERROUTER-to-MANAGE-VRF rule 2 log
set firewall ipv4 name INTERROUTER-to-MANAGE-VRF rule 2 state 'related'
set firewall ipv4 name INTERROUTER-to-PUBLIC default-action 'accept'
set firewall ipv4 name INTERROUTER-to-PUBLIC default-log
set firewall ipv4 name INTERROUTER-to-PUBLIC rule 1 action 'accept'
set firewall ipv4 name INTERROUTER-to-PUBLIC rule 1 state 'established'
set firewall ipv4 name INTERROUTER-to-PUBLIC rule 2 action 'accept'
set firewall ipv4 name INTERROUTER-to-PUBLIC rule 2 log
set firewall ipv4 name INTERROUTER-to-PUBLIC rule 2 state 'related'
set firewall ipv4 name LOCAL-to-BACKBONE-VRF default-action 'accept'
set firewall ipv4 name LOCAL-to-BACKBONE-VRF default-log
set firewall ipv4 name LOCAL-to-BACKBONE-VRF rule 1 action 'accept'
set firewall ipv4 name LOCAL-to-BACKBONE-VRF rule 1 state 'established'
set firewall ipv4 name LOCAL-to-BACKBONE-VRF rule 2 action 'accept'
set firewall ipv4 name LOCAL-to-BACKBONE-VRF rule 2 log
set firewall ipv4 name LOCAL-to-BACKBONE-VRF rule 2 state 'related'
set firewall ipv4 name LOCAL-to-DMZ default-action 'accept'
set firewall ipv4 name LOCAL-to-DMZ default-log
set firewall ipv4 name LOCAL-to-DMZ rule 1 action 'accept'
set firewall ipv4 name LOCAL-to-DMZ rule 1 state 'established'
set firewall ipv4 name LOCAL-to-DMZ rule 2 action 'accept'
set firewall ipv4 name LOCAL-to-DMZ rule 2 log
set firewall ipv4 name LOCAL-to-DMZ rule 2 state 'related'
set firewall ipv4 name LOCAL-to-EXTERNAL default-action 'accept'
set firewall ipv4 name LOCAL-to-EXTERNAL default-log
set firewall ipv4 name LOCAL-to-EXTERNAL rule 1 action 'accept'
set firewall ipv4 name LOCAL-to-EXTERNAL rule 1 state 'established'
set firewall ipv4 name LOCAL-to-EXTERNAL rule 2 action 'accept'
set firewall ipv4 name LOCAL-to-EXTERNAL rule 2 log
set firewall ipv4 name LOCAL-to-EXTERNAL rule 2 state 'related'
set firewall ipv4 name LOCAL-to-INTERROUTER default-action 'accept'
set firewall ipv4 name LOCAL-to-INTERROUTER default-log
set firewall ipv4 name LOCAL-to-INTERROUTER rule 1 action 'accept'
set firewall ipv4 name LOCAL-to-INTERROUTER rule 1 state 'established'
set firewall ipv4 name LOCAL-to-INTERROUTER rule 2 action 'accept'
set firewall ipv4 name LOCAL-to-INTERROUTER rule 2 log
set firewall ipv4 name LOCAL-to-INTERROUTER rule 2 state 'related'
set firewall ipv4 name LOCAL-to-MANAGE default-action 'accept'
set firewall ipv4 name LOCAL-to-MANAGE default-log
set firewall ipv4 name LOCAL-to-MANAGE rule 1 action 'accept'
set firewall ipv4 name LOCAL-to-MANAGE rule 1 state 'established'
set firewall ipv4 name LOCAL-to-MANAGE rule 2 action 'accept'
set firewall ipv4 name LOCAL-to-MANAGE rule 2 log
set firewall ipv4 name LOCAL-to-MANAGE rule 2 state 'related'
set firewall ipv4 name LOCAL-to-MANAGE-VRF default-action 'accept'
set firewall ipv4 name LOCAL-to-MANAGE-VRF default-log
set firewall ipv4 name LOCAL-to-MANAGE-VRF rule 1 action 'accept'
set firewall ipv4 name LOCAL-to-MANAGE-VRF rule 1 state 'established'
set firewall ipv4 name LOCAL-to-MANAGE-VRF rule 2 action 'accept'
set firewall ipv4 name LOCAL-to-MANAGE-VRF rule 2 log
set firewall ipv4 name LOCAL-to-MANAGE-VRF rule 2 state 'related'
set firewall ipv4 name LOCAL-to-PUBLIC default-action 'accept'
set firewall ipv4 name LOCAL-to-PUBLIC default-log
set firewall ipv4 name LOCAL-to-PUBLIC rule 1 action 'accept'
set firewall ipv4 name LOCAL-to-PUBLIC rule 1 state 'established'
set firewall ipv4 name LOCAL-to-PUBLIC rule 2 action 'accept'
set firewall ipv4 name LOCAL-to-PUBLIC rule 2 log
set firewall ipv4 name LOCAL-to-PUBLIC rule 2 state 'related'
set firewall ipv4 name MANAGE-VRF-to-BACKBONE-VRF default-action 'accept'
set firewall ipv4 name MANAGE-VRF-to-BACKBONE-VRF default-log
set firewall ipv4 name MANAGE-VRF-to-BACKBONE-VRF rule 1 action 'accept'
set firewall ipv4 name MANAGE-VRF-to-BACKBONE-VRF rule 1 state 'established'
set firewall ipv4 name MANAGE-VRF-to-BACKBONE-VRF rule 2 action 'accept'
set firewall ipv4 name MANAGE-VRF-to-BACKBONE-VRF rule 2 log
set firewall ipv4 name MANAGE-VRF-to-BACKBONE-VRF rule 2 state 'related'
set firewall ipv4 name MANAGE-VRF-to-DMZ default-action 'accept'
set firewall ipv4 name MANAGE-VRF-to-DMZ default-log
set firewall ipv4 name MANAGE-VRF-to-DMZ rule 1 action 'accept'
set firewall ipv4 name MANAGE-VRF-to-DMZ rule 1 state 'established'
set firewall ipv4 name MANAGE-VRF-to-DMZ rule 2 action 'accept'
set firewall ipv4 name MANAGE-VRF-to-DMZ rule 2 log
set firewall ipv4 name MANAGE-VRF-to-DMZ rule 2 state 'related'
set firewall ipv4 name MANAGE-VRF-to-EXTERNAL default-action 'accept'
set firewall ipv4 name MANAGE-VRF-to-EXTERNAL default-log
set firewall ipv4 name MANAGE-VRF-to-EXTERNAL rule 1 action 'accept'
set firewall ipv4 name MANAGE-VRF-to-EXTERNAL rule 1 state 'established'
set firewall ipv4 name MANAGE-VRF-to-EXTERNAL rule 2 action 'accept'
set firewall ipv4 name MANAGE-VRF-to-EXTERNAL rule 2 log
set firewall ipv4 name MANAGE-VRF-to-EXTERNAL rule 2 state 'related'
set firewall ipv4 name MANAGE-VRF-to-INTERROUTER default-action 'accept'
set firewall ipv4 name MANAGE-VRF-to-INTERROUTER default-log
set firewall ipv4 name MANAGE-VRF-to-INTERROUTER rule 1 action 'accept'
set firewall ipv4 name MANAGE-VRF-to-INTERROUTER rule 1 state 'established'
set firewall ipv4 name MANAGE-VRF-to-INTERROUTER rule 2 action 'accept'
set firewall ipv4 name MANAGE-VRF-to-INTERROUTER rule 2 log
set firewall ipv4 name MANAGE-VRF-to-INTERROUTER rule 2 state 'related'
set firewall ipv4 name MANAGE-VRF-to-LOCAL default-action 'accept'
set firewall ipv4 name MANAGE-VRF-to-LOCAL default-log
set firewall ipv4 name MANAGE-VRF-to-LOCAL rule 1 action 'accept'
set firewall ipv4 name MANAGE-VRF-to-LOCAL rule 1 state 'established'
set firewall ipv4 name MANAGE-VRF-to-LOCAL rule 2 action 'accept'
set firewall ipv4 name MANAGE-VRF-to-LOCAL rule 2 log
set firewall ipv4 name MANAGE-VRF-to-LOCAL rule 2 state 'related'
set firewall ipv4 name MANAGE-VRF-to-MANAGE default-action 'accept'
set firewall ipv4 name MANAGE-VRF-to-MANAGE default-log
set firewall ipv4 name MANAGE-VRF-to-MANAGE rule 1 action 'accept'
set firewall ipv4 name MANAGE-VRF-to-MANAGE rule 1 state 'established'
set firewall ipv4 name MANAGE-VRF-to-MANAGE rule 2 action 'accept'
set firewall ipv4 name MANAGE-VRF-to-MANAGE rule 2 log
set firewall ipv4 name MANAGE-VRF-to-MANAGE rule 2 state 'related'
set firewall ipv4 name MANAGE-VRF-to-PUBLIC default-action 'accept'
set firewall ipv4 name MANAGE-VRF-to-PUBLIC default-log
set firewall ipv4 name MANAGE-VRF-to-PUBLIC rule 1 action 'accept'
set firewall ipv4 name MANAGE-VRF-to-PUBLIC rule 1 state 'established'
set firewall ipv4 name MANAGE-VRF-to-PUBLIC rule 2 action 'accept'
set firewall ipv4 name MANAGE-VRF-to-PUBLIC rule 2 log
set firewall ipv4 name MANAGE-VRF-to-PUBLIC rule 2 state 'related'
set firewall ipv4 name MANAGE-to-BACKBONE-VRF default-action 'accept'
set firewall ipv4 name MANAGE-to-BACKBONE-VRF default-log
set firewall ipv4 name MANAGE-to-BACKBONE-VRF rule 1 action 'accept'
set firewall ipv4 name MANAGE-to-BACKBONE-VRF rule 1 state 'established'
set firewall ipv4 name MANAGE-to-BACKBONE-VRF rule 2 action 'accept'
set firewall ipv4 name MANAGE-to-BACKBONE-VRF rule 2 log
set firewall ipv4 name MANAGE-to-BACKBONE-VRF rule 2 state 'related'
set firewall ipv4 name MANAGE-to-DMZ default-action 'accept'
set firewall ipv4 name MANAGE-to-DMZ default-log
set firewall ipv4 name MANAGE-to-DMZ rule 1 action 'accept'
set firewall ipv4 name MANAGE-to-DMZ rule 1 state 'established'
set firewall ipv4 name MANAGE-to-DMZ rule 2 action 'accept'
set firewall ipv4 name MANAGE-to-DMZ rule 2 log
set firewall ipv4 name MANAGE-to-DMZ rule 2 state 'related'
set firewall ipv4 name MANAGE-to-EXTERNAL default-action 'accept'
set firewall ipv4 name MANAGE-to-EXTERNAL default-log
set firewall ipv4 name MANAGE-to-EXTERNAL rule 1 action 'accept'
set firewall ipv4 name MANAGE-to-EXTERNAL rule 1 state 'established'
set firewall ipv4 name MANAGE-to-EXTERNAL rule 2 action 'accept'
set firewall ipv4 name MANAGE-to-EXTERNAL rule 2 log
set firewall ipv4 name MANAGE-to-EXTERNAL rule 2 state 'related'
set firewall ipv4 name MANAGE-to-INTERROUTER default-action 'accept'
set firewall ipv4 name MANAGE-to-INTERROUTER default-log
set firewall ipv4 name MANAGE-to-INTERROUTER rule 1 action 'accept'
set firewall ipv4 name MANAGE-to-INTERROUTER rule 1 state 'established'
set firewall ipv4 name MANAGE-to-INTERROUTER rule 2 action 'accept'
set firewall ipv4 name MANAGE-to-INTERROUTER rule 2 log
set firewall ipv4 name MANAGE-to-INTERROUTER rule 2 state 'related'
set firewall ipv4 name MANAGE-to-LOCAL default-action 'accept'
set firewall ipv4 name MANAGE-to-LOCAL default-log
set firewall ipv4 name MANAGE-to-LOCAL rule 1 action 'accept'
set firewall ipv4 name MANAGE-to-LOCAL rule 1 state 'established'
set firewall ipv4 name MANAGE-to-LOCAL rule 2 action 'accept'
set firewall ipv4 name MANAGE-to-LOCAL rule 2 log
set firewall ipv4 name MANAGE-to-LOCAL rule 2 state 'related'
set firewall ipv4 name MANAGE-to-MANAGE-VRF default-action 'accept'
set firewall ipv4 name MANAGE-to-MANAGE-VRF default-log
set firewall ipv4 name MANAGE-to-MANAGE-VRF rule 1 action 'accept'
set firewall ipv4 name MANAGE-to-MANAGE-VRF rule 1 state 'established'
set firewall ipv4 name MANAGE-to-MANAGE-VRF rule 2 action 'accept'
set firewall ipv4 name MANAGE-to-MANAGE-VRF rule 2 log
set firewall ipv4 name MANAGE-to-MANAGE-VRF rule 2 state 'related'
set firewall ipv4 name MANAGE-to-PUBLIC default-action 'accept'
set firewall ipv4 name MANAGE-to-PUBLIC default-log
set firewall ipv4 name MANAGE-to-PUBLIC rule 1 action 'accept'
set firewall ipv4 name MANAGE-to-PUBLIC rule 1 state 'established'
set firewall ipv4 name MANAGE-to-PUBLIC rule 2 action 'accept'
set firewall ipv4 name MANAGE-to-PUBLIC rule 2 log
set firewall ipv4 name MANAGE-to-PUBLIC rule 2 state 'related'
set firewall ipv4 name PUBLIC-to-BACKBONE-VRF default-action 'accept'
set firewall ipv4 name PUBLIC-to-BACKBONE-VRF default-log
set firewall ipv4 name PUBLIC-to-BACKBONE-VRF rule 1 action 'accept'
set firewall ipv4 name PUBLIC-to-BACKBONE-VRF rule 1 state 'established'
set firewall ipv4 name PUBLIC-to-BACKBONE-VRF rule 2 action 'accept'
set firewall ipv4 name PUBLIC-to-BACKBONE-VRF rule 2 log
set firewall ipv4 name PUBLIC-to-BACKBONE-VRF rule 2 state 'related'
set firewall ipv4 name PUBLIC-to-DMZ default-action 'accept'
set firewall ipv4 name PUBLIC-to-DMZ default-log
set firewall ipv4 name PUBLIC-to-DMZ rule 1 action 'accept'
set firewall ipv4 name PUBLIC-to-DMZ rule 1 state 'established'
set firewall ipv4 name PUBLIC-to-DMZ rule 2 action 'accept'
set firewall ipv4 name PUBLIC-to-DMZ rule 2 log
set firewall ipv4 name PUBLIC-to-DMZ rule 2 state 'related'
set firewall ipv4 name PUBLIC-to-EXTERNAL default-action 'accept'
set firewall ipv4 name PUBLIC-to-EXTERNAL default-log
:
:
(Omitted because of its length.)
:
:
set firewall ipv4 name PUBLIC-to-INTERROUTER default-log
:
:
(Omitted because of its length.)
:
:
set firewall ipv4 name PUBLIC-to-LOCAL default-log
:
:
(Omitted because of its length.)
:
:
set firewall ipv4 name PUBLIC-to-MANAGE default-log
:
:
(Omitted because of its length.)
:
:
set firewall ipv4 name PUBLIC-to-MANAGE-VRF default-log
:
:
(Omitted because of its length.)