Firewall Firewall configuration
IX20 User Guide
932
Firewall configuration
Firewall configuration includes the following configuration options:
n
Zones: Azone is a firewall access group to which network interfacescan beadded. You then
use zonesto configure packet filtering and access control lists for interfacesthat are included
in the zone. Preconfigured zonesinclude:
l
Any: Matches any network interface, even if they are not assigned to this zone.
l
Loopback: Zone for interfacesthat are used for communication between processes
running on the device.
l
Internal: Used for interfaces connected to trusted networks. By default, the firewall will
allow most accessfrom thiszone.
l
External: Used for interfaces to connect to untrusted zones, such asthe internet. This zone
has Network Address Translation (NAT) enabled by default. By default, the firewall will
block most access from thiszone.
l
Edge: Used for interfacesconnected to trusted networks, where the device isa client on
the edge of the network rather than a router or gateway.
l
Setup: Used for interfaces involved in the initial setup of the device. By default, the firewall
will only allow this zone to access administration services.
l
IPsec: The default zone for IPsec tunnels.
l
Dynamic routes: Used for routes learned using routing services.
n
Port forwarding: Alist of rules that allow network connectionsto the IX20 to be forwarded to
other servers by translating the destination address.
n
Packet filtering: Alist of packet filtering rulesthat determine whether to accept or reject
network connectionsthat are forwarded through the IX20.
n
Custom rules: Ascript that is run to install advanced firewall rules beyond the
scope/capabilitiesof the standard device configuration.
n
Quality Of Service: Quality of Service (QOS) optionsfor bandwidth allocation and policy-
based traffic shaping and prioritizing.
Create a custom firewall zone
In addition to the preconfigured zones, you can create your custom zonesthat can be used to
configure packet filtering and access control lists for network interfaces.
To create a zone:
Web
1. Log into Digi Remote Manager, or log into the local Web UI asa user with full Admin access
rights.
2. Access the device configuration:
Remote Manager:
a. Locate your device as described in Use Digi Remote Manager to view and manage your
device.
b. Click the Device ID.
To Next Page
Loading...
Need help?
General