Allowing system communications in Access rules
You must add Access rules for some types of communication between SMC components.
The necessary communications between the engine and other SMC components are already allowed in the predefined Firewall Template Policy, IPS Template, and Layer 2 Firewall Template. However, the predefined templates do not allow other SMC components to communicate through the engine with a third SMC component. You must add Access rules for connections of that kind, such as:
- Management and monitoring connections to/from the remote engine.
- Monitoring and log browsing connections from the central site to the remote Log Server.
- Any remote-site Management Client connections to the Management Server at the central site.
If NAT is applied to the connections, Access rules alone are not enough. You must also create Location elements and add Contact Addresses to the elements, so that the components know which translated addresses to use when contacting each other.
If you have inline IPS engines or Layer 2 Engines, make sure that you do not define rules that would prevent other SMC components from communicating with each other through those engines.
There are predefined Service elements for all system communications. You can use these elements to create Access rules.