BAT54-Rail/F.. Release 7.54 06/08
Routing and WAN connections
11.7 Changes in other services
11.7.6 Firewall rules for certain local networks
For defining source or destination objects with WEBconfig or Telnet, the
firewall has the key %L for addressing the local network. All networks on all
logical local interfaces (Intranet and DMZ) belong to this local network. By
extending the key (%Lintranet, dmz), individual or multiple networks can be
addressed. This has two effects: the addresses of the named networks are
included in the rule, and the rule only takes effect when the source address
is correct and the source interface of the received packet also matches.
If a network of this type is defined as the target network, the packet is
forwarded precisely to the given interface.
In LANconfig, firewall rules can likewise be limited to certain networks as
source or destination.
Example: Two local networks, "COMPANY" and "HOME", are to be billed
separately, so they use two Internet access accounts ("INTERNET-BIZ"
and "INTERNET-HOME"). Both networks have web servers which are to be
accessible from the Internet. This scenario is covered by the following rules:
Configuration tool   Call
LANconfig            Firewall/QoS > Rules > Stations
WEBconfig, Telnet    Expert Configuration > Setup > IP-Router > Firewall > Rules
Name          Protocol  Source          Target          Action
HTTP-COMPANY  TCP       %Hinternet-biz  %Lcompany %S80  %a
HTTP-PRIV     TCP       %Hinternet-home %Lhome %S80     %a
INET-COMPANY  ANY       %Lcompany       %Hinternet-biz  %a
INET-PRIV     ANY       %Lhome          %Hinternet-home %a
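
The following added example (not part of the original manual and not the device's firmware logic) is a simplified model of how a %L key resolves to networks and why a source match requires both the address and the receiving interface to fit. The interface names and address ranges are constructed assumptions; only the network names come from the scenario above.

```python
import ipaddress

# Constructed network table: name -> (logical interface, prefix).
# Names follow the COMPANY/HOME scenario; interfaces and addresses are
# assumptions made for this illustration only.
NETWORKS = {
    "company": ("LAN-1", ipaddress.ip_network("192.168.10.0/24")),
    "home":    ("LAN-2", ipaddress.ip_network("192.168.20.0/24")),
    "dmz":     ("DMZ-1", ipaddress.ip_network("10.0.0.0/24")),
}

def expand_local(key):
    """Resolve a %L key to the (name, interface, prefix) tuples it addresses."""
    if not key.startswith("%L"):
        raise ValueError("not a local-network key: " + key)
    names = [n.strip().lower() for n in key[2:].split(",") if n.strip()]
    if not names:
        # Bare %L addresses every network on every local interface.
        names = list(NETWORKS)
    unknown = [n for n in names if n not in NETWORKS]
    if unknown:
        raise ValueError("undefined network(s): " + ", ".join(unknown))
    return [(n, *NETWORKS[n]) for n in names]

def source_matches(key, src_ip, in_iface):
    """True only if the source address lies in one of the addressed networks
    AND the packet was received on that same network's interface."""
    addr = ipaddress.ip_address(src_ip)
    return any(addr in prefix and in_iface == iface
               for _, iface, prefix in expand_local(key))

def egress_interfaces(key):
    """Interfaces a packet may be forwarded to when the key is the target."""
    return sorted({iface for _, iface, _ in expand_local(key)})

if __name__ == "__main__":
    # A COMPANY address arriving on the HOME interface does not match.
    for iface in ("LAN-1", "LAN-2"):
        print(iface, source_matches("%Lcompany", "192.168.10.5", iface))
    print(egress_interfaces("%Lhome"), egress_interfaces("%L"))
```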