Routing and WAN connections
BAT54-Rail/F..
Release 7.54 06/08
11.7 Changes in other services
Tag assignment can be carried out directly in the network definition:

| Network name | IP address | Netmask | VLAN ID | Interface | Source check | Type | Rtg-Tag |
|---|---|---|---|---|---|---|---|
| DEVELOPMENT | 10.1.1.1 | 255.255.255.0 | 0 | LAN-1 | strict | Intranet | 2 |
| SALES | 10.1.1.1 | 255.255.255.0 | 0 | LAN-2 | strict | Intranet | 1 |

Alternatively, tags can be assigned with a combination of network definitions and firewall rules. The networks are defined as follows:

| Network name | IP address | Netmask | VLAN ID | Interface | Source check | Type | Rtg-Tag |
|---|---|---|---|---|---|---|---|
| DEVELOPMENT | 10.1.1.1 | 255.255.255.0 | 0 | LAN-1 | strict | Intranet | 0 |
| SALES | 10.1.1.1 | 255.255.255.0 | 0 | LAN-2 | strict | Intranet | 0 |

Routing tags can be used to define the following firewall rules:

| Name | Protocol | Source | Target | Action | Linked | Prio | (...) | Rtg tag |
|---|---|---|---|---|---|---|---|---|
| DEVELOPMENT | ANY | %Ldevelopment | ANYHOST | %a | yes | 255 | | 2 |
| SALES | ANY | %Lsales | ANYHOST | %a | yes | 255 | | 1 |

These rules must have the maximum priority (255) so that they are always checked first. Because filtering by services must remain possible, the option "Linked" has to be set in the firewall rule.

11.7.8 Default routes filter

Firewall rules can be set to take effect only if the sender or receiver can be accessed over the default route. Because the function of the virtual router is based on checks of the interface tags, not only the untagged default routes but also routes other than "default routes" have to be included.

- When a packet is received at a WAN interface, the firewall considers this WAN interface to be a default route if either a tagged or an untagged default route refers to this WAN interface.
- If a packet is received at a LAN interface and is to be routed to a WAN interface, this WAN interface is considered to be a default route if either the untagged default route or a default route tagged with the interface tag refers to this WAN interface.
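The two default-route rules of section 11.7.8 can be written as a small decision function. This is an added example, not code from the manual or the device firmware; the `Route` model, the function name, the `0.0.0.0/0` notation for a default route and the WAN interface names are assumptions made for illustration, while the interface tags 2 and 1 are those of DEVELOPMENT and SALES above.

```python
from dataclasses import dataclass

DEFAULT = "0.0.0.0/0"  # assumed notation for a default route in this model


@dataclass(frozen=True)
class Route:
    prefix: str   # destination prefix; DEFAULT marks a default route
    rtg_tag: int  # routing tag of the route, 0 = untagged
    wan_if: str   # WAN interface the route refers to (hypothetical names)


def is_default_route_if(routes, wan_if, received_on_wan, interface_tag=0):
    """Return True if the firewall would treat wan_if as a default route.

    received_on_wan=True:  the packet arrived at wan_if itself.
    received_on_wan=False: the packet arrived at a LAN interface carrying
                           interface_tag and is to be routed to wan_if.
    """
    for r in routes:
        if r.prefix != DEFAULT or r.wan_if != wan_if:
            continue
        if received_on_wan:
            return True  # any tagged or untagged default route counts
        if r.rtg_tag in (0, interface_tag):
            return True  # untagged, or tagged with the LAN's interface tag
    return False


# Constructed routing table for the example
ROUTES = [
    Route(DEFAULT, 0, "INTERNET"),
    Route(DEFAULT, 2, "DEV-UPLINK"),
    Route(DEFAULT, 1, "SALES-UPLINK"),
    Route("192.168.50.0/24", 0, "BRANCH-VPN"),
]

if __name__ == "__main__":
    # DEV-UPLINK as seen from the WAN side, from DEVELOPMENT (tag 2), from SALES (tag 1)
    print(is_default_route_if(ROUTES, "DEV-UPLINK", True))
    print(is_default_route_if(ROUTES, "DEV-UPLINK", False, interface_tag=2))
    print(is_default_route_if(ROUTES, "DEV-UPLINK", False, interface_tag=1))
```

The same WAN interface is a default route for packets arriving on it, but not for LAN traffic carrying a different interface tag, so a rule restricted to default routes can match in one direction and not in the other.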