Stateful inspection firewall (SIF)

The firewall blocks packets that have passed through the NAT, since the WAN partner is deemed “untrustworthy” in the default settings. Connections can therefore not be initiated from this interface; only requests from trustworthy interfaces can be answered. (All LAN interfaces are deemed trustworthy by default.)

You have to configure a rule that grants the WAN partner access as an exception to the default behaviour.

Note

The firewall works on the principle that a packet allowed by one rule cannot be prohibited by a later rule, and vice versa. The sequence of the rules is therefore crucial!

In our example, the HTTP service must be enabled for the WAN partner to gain access to the local interface 192.168.0.1.

In the example, all necessary interfaces and the service are already predefined. In other circumstances a separate definition might be required beforehand under addresses or services.

  1. Go to Firewall->Addresses->Address List->New.

  2. Enter a Description, e.g. WEB-Server.

  3. Leave IPv4 Enabled.

  4. Leave Address Type = Address / Subnet.

  5. Under Address / Subnet enter e.g. 192.168.2.10 as the web server’s address.

  6. Press OK to confirm your settings.

  1. Go to Firewall->Policies->IPv4 Filter Rules->New.

  2. Select a Source, e.g. WAN_WAN-PROVIDER.

  3. Select the Destination WEB-Server.

  4. Select the Service http.

  5. Leave Action = Access.

  6. Press OK to confirm your settings.

Under Firewall->Policies->IPv4 Filter Rules you will see the following overview:

Firewall->Policies->IPv4 Filter Rules
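
The rule-order note and the rule created above, as an added example that is not part of the original documentation or the device's own code: a Python model of first-match evaluation that also reports rules hidden behind an earlier, broader rule. The `LAN` interface alias, the catch-all deny rule and the first-match reading of the note are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_network

ANY = "any"

@dataclass(frozen=True)
class Rule:
    source: str        # interface alias, or ANY
    destination: str   # address / subnet, or ANY
    service: str       # service name, or ANY
    action: str        # "access" or "deny"

def covers(general, specific, is_net=False):
    """True if `general` matches everything that `specific` matches."""
    if general == ANY:
        return True
    if specific == ANY:
        return False
    if is_net:
        return ip_network(specific).subnet_of(ip_network(general))
    return general == specific

def rule_covers(rule, source, destination, service):
    return (covers(rule.source, source)
            and covers(rule.destination, destination, is_net=True)
            and covers(rule.service, service))

def decide(rules, trusted, src_if, dst_ip, service):
    """First matching rule wins; otherwise the interface default applies."""
    for rule in rules:
        if rule_covers(rule, src_if, dst_ip, service):
            return rule.action
    # Default: initial requests pass only from trustworthy interfaces.
    return "access" if src_if in trusted else "deny"

def shadowed(rules):
    """Indexes of rules that can never fire because an earlier rule covers them."""
    return [i for i, later in enumerate(rules)
            if any(rule_covers(e, later.source, later.destination, later.service)
                   for e in rules[:i])]

# Constructed sample data; "LAN" and the catch-all deny rule are hypothetical.
TRUSTED = {"LAN"}
ALLOW_WEB = Rule("WAN_WAN-PROVIDER", "192.168.2.10", "http", "access")
DENY_WAN = Rule("WAN_WAN-PROVIDER", ANY, ANY, "deny")
GOOD_ORDER = [ALLOW_WEB, DENY_WAN]   # specific exception first
BAD_ORDER = [DENY_WAN, ALLOW_WEB]    # exception is never reached

if __name__ == "__main__":
    for name, rules in (("good", GOOD_ORDER), ("bad", BAD_ORDER)):
        verdict = decide(rules, TRUSTED, "WAN_WAN-PROVIDER", "192.168.2.10", "http")
        print(name, verdict, "shadowed rules:", shadowed(rules))
```

Running the same audit over an exported rule list before adding an exception shows whether the new rule will take effect at the position where it is inserted.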