Configuring filter rules

Once you have completed the configuration of the alias names for IP addresses and services, you can define the filter rules in the Firewall -> Policies menu.

A complete filter rule chain looks like this:

Firewall -> Policies -> Filter Rules

Relevant fields in the Filter Rules menu

Field Meaning
Source Location Source address for which this rule applies.
Destination Destination address for which this rule applies.
Service Service for which this rule applies.
Action Determines whether data traffic is allowed or rejected.

Important

The correct configuration of the filter rules and their correct order in the filter rule chain are decisive for the operation of the firewall. An incorrect configuration may prevent further communication with the Internet and/or the gateway.

First configure a rule that allows the administrator and director to access the gateway over HTTP and Telnet. You must define this rule first; otherwise communication with the GUI will be impossible.

Go to the following menu to create a new rule:

  1. Go to Firewall -> Policies -> Filter Rules.

  2. Click New to create a new rule.

  3. Under Source select the group Administration_be.IP.

  4. Under Destination, select be.IP.

  5. Select the Service Administration Ports.

  6. Under Action select Access.

  7. Leave the remaining settings unchanged and confirm them with OK.

Next configure a rule that allows the gateway to forward DNS queries to the Internet.

Go to the following menu to create a new rule:

  1. Go to Firewall -> Policies -> Filter Rules.

  2. Click New to create a new rule.

  3. Under Source select LOCAL.

  4. Set Destination to ANY.

  5. Select the Service dns.

  6. Under Action select Access.

  7. Leave the remaining settings unchanged and confirm them with OK.

Configure a rule that allows the entire network to forward DNS queries to the gateway.

Go to the following menu to create a new rule:

  1. Go to Firewall -> Policies -> Filter Rules.

  2. Click New to create a new rule.

  3. Under Source select Network_Internal.

  4. Under Destination, select be.IP.

  5. Select the Service dns.

  6. Under Action select Access.

  7. Leave the remaining settings unchanged and confirm them with OK.

Now configure a rule that rejects all other queries to the gateway.

Go to the following menu to create a new rule:

  1. Go to Firewall -> Policies -> Filter Rules.

  2. Click New to create a new rule.

  3. Set Source to ANY.

  4. Under Destination, select be.IP.

  5. Select the Service any.

  6. Under Action select Deny.

  7. Leave the remaining settings unchanged and confirm them with OK.

Now configure a rule that allows the director access to all internet services.

  1. Go to Firewall -> Policies -> Filter Rules.

  2. Click New to create a new rule.

  3. Set Source to Director.

  4. Set Destination to ANY.

  5. Select the Service any.

  6. Under Action select Access.

  7. Leave the remaining settings unchanged and confirm them with OK.

Finally configure a rule that allows the internal network to use the HTTP, HTTPS and FTP services.

  1. Go to Firewall -> Policies -> Filter Rules.

  2. Click New to create a new rule.

  3. Under Source select Network_Internal.

  4. Set Destination to ANY.

  5. Select the Service Internet Ports.

  6. Under Action select Access.

  7. Leave the remaining settings unchanged and confirm them with OK.

Click Save Configuration and confirm with OK to save the configuration permanently.
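
The effect of rule order on the six-rule chain built above can be checked offline with the following added example, which is not part of the original documentation. It assumes that the firewall applies the first matching rule and drops traffic that matches no rule; the IP addresses and port numbers assigned to the aliases, and the helper names, are constructed for illustration.

```python
import ipaddress

# Constructed addresses for the page's aliases (assumptions, not from the page).
ALIASES = {
    "ANY": ["0.0.0.0/0"],
    "LOCAL": ["192.168.0.254/32"],             # gateway as traffic source
    "be.IP": ["192.168.0.254/32"],             # gateway as destination
    "Network_Internal": ["192.168.0.0/24"],
    "Director": ["192.168.0.10/32"],
    "Administration_be.IP": ["192.168.0.10/32", "192.168.0.11/32"],
}
# Ports follow the protocols the page names; the transport protocol is ignored.
SERVICES = {
    "any": None,
    "dns": {53},
    "Administration Ports": {80, 23},           # HTTP, Telnet
    "Internet Ports": {80, 443, 21},            # HTTP, HTTPS, FTP
}
# The six rules in the order the page creates them.
CHAIN = [
    ("Administration_be.IP", "be.IP", "Administration Ports", "Access"),
    ("LOCAL", "ANY", "dns", "Access"),
    ("Network_Internal", "be.IP", "dns", "Access"),
    ("ANY", "be.IP", "any", "Deny"),
    ("Director", "ANY", "any", "Access"),
    ("Network_Internal", "ANY", "Internet Ports", "Access"),
]

def in_alias(ip, alias):
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(net) for net in ALIASES[alias])

def evaluate(chain, src, dst, port):
    """Return (action, rule number) of the first rule matching the packet."""
    for number, (s, d, svc, action) in enumerate(chain, start=1):
        ports = SERVICES[svc]
        if in_alias(src, s) and in_alias(dst, d) and (ports is None or port in ports):
            return action, number
    return "Deny", None  # assumed default when no rule matches

def move_rule(chain, old, new):  # copy with rule number `old` moved to `new`
    rules = list(chain)
    rules.insert(new - 1, rules.pop(old - 1))
    return rules

if __name__ == "__main__":
    gw, admin, director = "192.168.0.254", "192.168.0.11", "192.168.0.10"
    print(evaluate(CHAIN, admin, gw, 80))                      # admin reaches the GUI
    print(evaluate(move_rule(CHAIN, 4, 1), admin, gw, 80))     # deny rule first: lockout
    print(evaluate(move_rule(CHAIN, 5, 4), director, gw, 22))  # director rule before deny
```

With the deny rule moved to the top, the administrator's HTTP session to the gateway is rejected; with the Director rule moved ahead of the deny rule, the director's host reaches every service on the gateway instead of only the administration ports.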