Using the firewall endpoint-independent filter enable, you can enable the independent end point filtering function.
Using the undo firewall endpoint-independent filter enable, you can disable the independent end point filtering function.
This command is valid only for NAT 3-tuples, NAT64 3-tuples and PCP, but not DS-Lite 3-tuples.
After this function is enabled, the FW matches the packet sent by an Internet user to communicates with an intranet user with the server-map table. The FW translates the addresses based on the mapping in the destination server map table and forwards the packet without performing security policy. If the function is disabled, the FW searches for a matching security policy rule and determines whether to forward the packet.
The administrator determines whether to enable the independent end point filtering function or configure security policy rules in interzones.
By default, the independent end point filtering function is enabled.