I want to put in the dual sim fail over support as described in AN15 but am not sure if I would put those FW rules at the top or bottom of my current FW.
Here is my current FW.txt:
0 1 #Allow outbound FTP traffic
0 2 pass out break end proto ftp from any to any port=ftpcnt flags S!A inspect-state
0 3 #Allow any other outbound traffic and the replies back in
583985 4 pass out break end inspect-state
0 5 #Allow incoming IPSEC
188197 6 pass break end proto 50
0 7 pass in break end proto udp from any to any port=ike
60 8 pass in break end proto udp from any to any port=ikefloat
0 9 #Allow any traffic within an IPSEC tunnel in both directions
0 10 pass break end oneroute any
0 11 #Allow incoming SSH and SFTP
0 12 pass in break end proto tcp from any to any port=22222 flags S!A inspect-state
0 13 #Allow incoming HTTPS
0 14 pass in break end proto tcp from any to any port=https flags S!A inspect-state
0 15 #Block and log everything else including incoming telnet, http and FTP
114 16 block log break end
Where exactly should I put those ping FW rules?
And, do I need the “pass break end” or does that depend on where I put the two pings inspection lines?