Screen OS

Hi all,

I am having a problem with inter VSYS routing using a shared DMZ zone. I am having some behaviour which I don't think is correct. I have created 2 x test VSYS. I have created a 'shared' DMZ zone & VR. I have then assigned the 2 test VSYS to that shared DMZ zone. I have then added routes in the shared DMZ VR to point to the networks behind each vsys. I can then thing ping each inside interface on the opposite VSYS which is good because traffic is routing etc. The problem is that it is doing this without any policies at all. It's letting any traffic pass between them? I would of thought you would have had to create policies on each VSYS? When I do a debug it's not showing anything. 

I want the networks to be protected from each other. Any info appreciated. 

Thanks

diagram attached.  

The VSYS routing could be done by the following method:

export port would be one exit with the static routing;

Sorry, I am not sure what you mean by that? Could you elaborate?

Here is a working configuration :

http://itbowl.blogspot.com/2010/06/configuring-routing-between-2-custom.html

Hope this helps.

Cheers

Thank you, that's great.