Virtual Router/ Firewall/ VPN

Frequent Visitor
Posts: 1
Registered: ‎05-23-2017

vRouter 5600 5.2R5 firewall drop return packets


I am configuring vRouter 5600 (5.2R5) , especcialy Interface-based firewall.

I have heard of specification change regarding stateful firewall from Release 5.1
(The vRouter with the stateful firewall feature enabled globally doesn't generate accept rules automatically for the return packets which arrive at outside interface)

I have a question about the firewall configuration to permit traffic initiated by vRouter itself.
(such as NTP, dns lookup, icmp, ssh login to other routers)

When above types of communications are issued , they bypass "local" firewall and "in" firewall, then the return packets are dropped by
"local" firewall or "in" firewall.

If I added accept rules for the return packets, these traffics come to not to be dropped, but I want to avoid this configuration because  it's complicated.

Is it possible to configure firewall to accept return packets without adding accept rules ?


Thank you


Join the Community

Get quick and easy access to valuable resource designed to help you manage your Brocade Network.