Security Gateway Manual XG-7100
Isolated
In an isolated local network, hosts on the network cannot contact hosts on other local networks unless a rule explicitly allows it. In this example the hosts can still reach the Internet as needed, but that too can be restricted with more detailed rules.
This scenario is common for locked-down networks such as IoT device networks, a DMZ holding public services, untrusted Guest/BYOD networks, and similar cases.
Warning: Do not rely on tricks such as policy routing to isolate clients. A full set of reject rules, as described in this example, is the best practice.
Create an alias containing the RFC 1918 networks, or at minimum every local/private network on this firewall, including VPN subnets. Using all of the RFC 1918 networks is the safer practice, since it also covers private networks added later.
Navigate to Firewall > Aliases
Click Add
Configure it as follows:
Name
PrivateNets
Description
Private Networks
Type
Network(s)
Add entries for:
192.168.0.0/16
172.16.0.0/12
10.0.0.0/8
Click Save
Navigate to Firewall > Rules, on the OPTx tab (or the custom name)
Add a rule to pass DNS to the firewall (or to other DNS servers)
Click to add a new rule at the bottom of the list.
Configure the rule as follows:
Action
Pass
Interface
OPTx (or the custom name)
Protocol
TCP/UDP
Source
OPTx Net (or the custom name)
© Copyright 2024 Rubicon Communications LLC
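The rules this scenario builds up, modelled as an added example in Python (not pfSense code, and not part of the manual). pf evaluates the rules on an interface tab top to bottom and the first match decides, so the order in which the DNS pass rule, the reject rules and the pass-to-Internet rule are entered is what makes or breaks the isolation. The DNS rule is the one on this page; the reject rule to the PrivateNets alias and the final pass-to-any rule are assumed from the text's description of the scenario. 192.168.5.0/24 as the OPTx net, 192.168.5.1 as the firewall's OPTx address, and all sample flows are constructed values.

```python
"""First-match model of the OPTx ruleset for the Isolated scenario.

Added example, not pfSense code. pf evaluates the rules of an interface tab
top to bottom and the first matching rule decides, so the order in which the
pass and reject rules are entered is what makes or breaks the isolation.

Rules modelled (OPTx tab):
  1. pass   TCP/UDP  OPTx net -> OPTx address, port 53   (the DNS rule on this page)
  2. reject any      OPTx net -> PrivateNets             (assumed: the reject rules
                                                          the text refers to)
  3. pass   any      OPTx net -> any                      (assumed: the "Internet
                                                          as needed" allowance)
192.168.5.0/24 as the OPTx net and 192.168.5.1 as the firewall's OPTx address
are constructed values for this example.
"""
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import FrozenSet, List, Optional

# The PrivateNets alias from the procedure (Firewall > Aliases): all of RFC 1918.
PRIVATE_NETS: List[IPv4Network] = [
    ip_network(n) for n in ("192.168.0.0/16", "172.16.0.0/12", "10.0.0.0/8")
]

# Constructed values for the isolated interface.
OPTX_NET = ip_network("192.168.5.0/24")          # "OPTx Net" in the GUI
OPTX_ADDRESS = ip_network("192.168.5.1/32")      # "OPTx address" in the GUI


@dataclass(frozen=True)
class Rule:
    action: str                              # "pass" or "reject"
    protos: Optional[FrozenSet[str]]         # None = any protocol
    src: List[IPv4Network]                   # source must fall in one of these
    dst: Optional[List[IPv4Network]]         # None = any destination
    dport: Optional[int]                     # None = any destination port

    def matches(self, proto: str, src, dst, dport: Optional[int]) -> bool:
        if self.protos is not None and proto not in self.protos:
            return False
        if not any(src in net for net in self.src):
            return False
        if self.dst is not None and not any(dst in net for net in self.dst):
            return False
        return self.dport is None or dport == self.dport


def evaluate(rules: List[Rule], proto: str, src: str, dst: str,
             dport: Optional[int] = None) -> str:
    """Action of the first matching rule; "block" if none matches, standing in
    for pfSense's implicit default-deny rule, which drops unmatched traffic."""
    s, d = ip_address(src), ip_address(dst)
    for rule in rules:
        if rule.matches(proto, s, d, dport):
            return rule.action
    return "block"


def isolated_ruleset() -> List[Rule]:
    """Intended order: DNS to the firewall, reject everything else private, then Internet."""
    return [
        Rule("pass", frozenset({"tcp", "udp"}), [OPTX_NET], [OPTX_ADDRESS], 53),
        Rule("reject", None, [OPTX_NET], PRIVATE_NETS, None),
        Rule("pass", None, [OPTX_NET], None, None),
    ]


def misordered_ruleset() -> List[Rule]:
    """Same three rules with the pass-to-any rule entered above the reject:
    it now matches first for every destination and the isolation is gone."""
    dns, reject, internet = isolated_ruleset()
    return [dns, internet, reject]


if __name__ == "__main__":
    # Constructed sample flows from a host on the isolated network.
    flows = [
        ("udp", "192.168.5.20", "192.168.5.1", 53),     # DNS to the firewall
        ("tcp", "192.168.5.20", "192.168.5.1", 443),    # firewall GUI
        ("tcp", "192.168.5.20", "192.168.1.10", 445),   # SMB to the LAN
        ("tcp", "192.168.5.20", "10.8.0.5", 22),        # SSH into a VPN subnet
        ("tcp", "192.168.5.20", "8.8.8.8", 443),        # HTTPS to the Internet
    ]
    for name, rules in (("isolated", isolated_ruleset()),
                        ("misordered", misordered_ruleset())):
        print(name)
        for proto, src, dst, dport in flows:
            verdict = evaluate(rules, proto, src, dst, dport)
            print(f"  {proto} {src} -> {dst}:{dport}: {verdict}")
```

Two points the model makes visible: because the firewall's own OPTx address lies inside the PrivateNets alias, the reject rule also stops isolated hosts from reaching the firewall on anything but the DNS port passed above it; and with the pass-to-any rule moved above the reject, every flow to the LAN or a VPN subnet is passed, which is the kind of ordering mistake the warning about relying on tricks instead of explicit reject rules is meant to prevent.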