I have some remote SOHO routers VPNing to a central site. I want to add a very basic Zone Based Policy Firewall such that all traffic to the Internet is permitted out and its reply traffic is permitted in. Inbound SIP traffic from two hosts is peritted in and IPSEC traffic is permitted from specific IP. ICMP is permitted any any. Would appreciate a configuration example. Thanks.