
11-08-2007, 06:05 PM
Member
Join Date: May 2003
Location: Czech Republic
Posts: 67
[7.075] How could I configure Packet filter based on interface? [NOTANISSUE]
Hi all,
Do you know how I can configure the packet filter based on interface? I don't see any new fields for network interface selection added in the "Create new rule" window.
Could someone help me, please?
Thank you
Alda

11-08-2007, 07:56 PM
Wizard
Join Date: Nov 2000
Location: Karlsruhe, Germany
Posts: 1,242
Hi Alda,
thanks for the question.
We have extended the Definitions > Network objects.
You can now add an interface to each of these objects, and if the object is used to create a packet filter rule, either in Network Security > Firewall or in Allowed Networks in Web and Email Security, then we add the interface to it as well.
You are now also able to create a real 'Internet' Object using the network '0.0.0.0/0' and bind it to the external interface.
By doing this, you will not open up access to the DMZ like in the past, when you used the "Any" object.
I hope that explains it.
regards
Gert
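
The effect described in the post above, as an added example that is not part of the thread and not Astaro's own code: a simplified Python model of rule matching in which a network definition bound to an interface only matches traffic entering or leaving through that interface. The topology, the addresses, the first-match/default-drop evaluation and every name other than "Any" and "Internet" are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed topology (assumption): interface name -> attached subnet.
# Anything not on a listed subnet is reached through the default route.
INTERFACES = {
    "internal": ipaddress.ip_network("192.168.1.0/24"),
    "dmz": ipaddress.ip_network("172.16.0.0/24"),
}
DEFAULT_ROUTE_IFACE = "external"

@dataclass(frozen=True)
class NetObject:
    name: str
    network: ipaddress.IPv4Network
    interface: Optional[str] = None  # None = definition not bound to an interface

@dataclass(frozen=True)
class Rule:
    source: NetObject
    destination: NetObject
    action: str = "allow"

def iface_for(addr):
    """Interface a packet to/from addr crosses in this model."""
    for name, net in INTERFACES.items():
        if addr in net:
            return name
    return DEFAULT_ROUTE_IFACE

def obj_matches(obj, addr, iface):
    """Address must be inside the network AND, if bound, on that interface."""
    return addr in obj.network and obj.interface in (None, iface)

def evaluate(rules, src, dst):
    """First matching rule wins; unmatched traffic is dropped."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    in_if, out_if = iface_for(s), iface_for(d)
    for rule in rules:
        if obj_matches(rule.source, s, in_if) and obj_matches(rule.destination, d, out_if):
            return rule.action
    return "drop"

LAN = NetObject("Internal (Network)", INTERFACES["internal"])
ANY = NetObject("Any", ipaddress.ip_network("0.0.0.0/0"))
INTERNET = NetObject("Internet", ipaddress.ip_network("0.0.0.0/0"), "external")
DMZ_HOST, WEB_HOST = "172.16.0.5", "203.0.113.7"  # constructed sample addresses
```

With `[Rule(LAN, ANY)]` a LAN client reaches both the DMZ host and the outside address; with `[Rule(LAN, INTERNET)]` only the outside address is allowed, because the DMZ host is not reached through the external interface.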

11-08-2007, 09:09 PM
Member
Join Date: May 2003
Location: Czech Republic
Posts: 67
Hi Gert,
thank you for your quick reply.
But I can't test this new feature because the definition for the network object "Any" has no Edit and Delete buttons.
You can see it in the screenshot I enclosed.
Thank you
Ales

11-08-2007, 09:19 PM
Moderator
Join Date: Apr 2001
Location: Brantford, Ontario, Canada
Posts: 809
You don't want to edit Any; you should create a new one, called Internet for example, like in my included screenshot. You can see I have bound it to the External interface on my firewall.

11-08-2007, 09:37 PM
Senior Member
Join Date: Nov 2005
Location: Canada
Posts: 153
This makes sense. I can see this as particularly useful when creating SNAT rules for internal servers to bind to the external alias address (email server).
By creating an interface definition for Internet (0.0.0.0/0) on the WAN interface, I no longer need to worry about extra SNAT rules to override when using VPN tunnels for remote systems to pull email off of my Exchange server.

11-08-2007, 10:20 PM
Member
Join Date: May 2003
Location: Czech Republic
Posts: 67
Hi Cath,
I learned of my error perhaps three seconds after I sent my reply to Gert.
My hand was quicker than my head...
Alda

12-06-2007, 01:02 AM
Moderator
Join Date: Jul 2001
Location: southern California
Posts: 5,152
Does this work with Bridged interfaces?
e.g., can I have a rule that excludes 1/2 of a bridged pair from accessing a server in the other 1/2?
Thanks,
Barry