Netgate SG-3100 User Manual

65 pages
Security Gateway Manual SG-3100
Description: Text describing the rule, e.g. Guest LAN outbound on WAN
Click Save
Click Apply Changes
Alternately, clone existing NAT rules and adjust as needed to match the new LAN.
2.6.6 Firewall Rules
By default there are no rules on the new interface, so the firewall will block all traffic. This is not ideal for a LAN because, generally speaking, the LAN clients will need to contact hosts through the firewall.
Rules for this interface can be found under Firewall > Rules, on the OPTx tab (or the custom name, e.g. GUESTS).
There are two common scenarios administrators typically choose for local interfaces: Open and Isolated.
Open
On an open LAN, hosts in that LAN are free to contact any other host through the firewall. This might be a host on
the Internet, across a VPN, or on another local LAN.
In this case a simple “allow all” style rule for the interface will suffice.
Navigate to Firewall > Rules, on the OPTx tab (or the custom name)
Click to add a new rule at the top of the list
Configure the rule as follows:
Action: Pass
Interface: OPTx (or the custom name), should already be set by default
Protocol: Any
Source: OPTx Net (or the custom name)
Destination: Any
Description: Text describing the rule, e.g. Default allow all from OPTx
Click Save
Click Apply Changes
Figure: Add rule to pass any protocol from interface net to any destination
Isolated
In an isolated local network, hosts on the network cannot contact hosts on other networks unless explicitly allowed
in the rules. Hosts can still contact the Internet as needed in this example, but that can also be restricted by more
complicated rules.
This scenario is common for locked-down networks such as for IoT devices, a DMZ with public services, untrusted
Guest/BYOD networks, and other similar scenarios.
Warning: Do not rely on tricks such as using policy routing to isolate clients. A full set of reject rules as described
in this example is the best practice.
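The Open and Isolated scenarios above, as an added example that is not part of the Netgate manual: a small Python model of top-down, first-match rule evaluation on the new interface, with traffic blocked when no rule matches. The subnets, the GUESTS name and the exact reject rules in the isolated set are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str  # "pass" or "reject"
    src: str     # CIDR or "any"
    dst: str     # CIDR or "any"
    descr: str

def _match(spec, addr):
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)

def evaluate(rules, src, dst):
    """First matching rule wins; with no match the interface blocks the traffic."""
    for r in rules:
        if _match(r.src, src) and _match(r.dst, dst):
            return r.action, r.descr
    return "block", "no rule matched (default on a new interface)"

# Constructed addressing (assumption, not from the manual)
GUESTS_NET, LAN_NET, VPN_NET = "192.168.50.0/24", "192.168.1.0/24", "10.8.0.0/24"

# Open: one allow-all rule sourced from the interface network.
OPEN = [Rule("pass", GUESTS_NET, "any", "Default allow all from GUESTS")]

# Isolated (hypothetical rule set): reject every other local network, then allow the rest.
ISOLATED = [
    Rule("reject", GUESTS_NET, LAN_NET, "Reject GUESTS to LAN"),
    Rule("reject", GUESTS_NET, VPN_NET, "Reject GUESTS to VPN"),
    Rule("pass", GUESTS_NET, "any", "Allow GUESTS to Internet"),
]
# Failure mode: the pass rule moved to the top matches first, so isolation is lost.
MISORDERED = [ISOLATED[-1], *ISOLATED[:-1]]

# Constructed probes: (source address, destination address)
PROBES = {
    "guest->internet": ("192.168.50.10", "203.0.113.7"),
    "guest->lan": ("192.168.50.10", "192.168.1.20"),
    "guest->vpn": ("192.168.50.10", "10.8.0.5"),
    "foreign-src->internet": ("172.16.0.9", "203.0.113.7"),
}

def audit(rules, probes=PROBES):
    """Return the verdict each probe receives under the given rule list."""
    return {name: evaluate(rules, s, d)[0] for name, (s, d) in probes.items()}

if __name__ == "__main__":
    for label, rs in (("no rules", []), ("open", OPEN),
                      ("isolated", ISOLATED), ("misordered", MISORDERED)):
        print(f"{label:10} {audit(rs)}")
```

A probe list like this doubles as a review checklist: every local network reachable through the firewall should appear as a destination and come back as reject under the isolated rule set.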
© Copyright 2022 Rubicon Communications LLC

Netgate SG-3100 Specifications

General
Storage: 8 GB eMMC
WAN Ports: 1x 1GbE
LAN Ports: 3x 1GbE
Power Input: 12V DC
Network Interfaces: 5x 1GbE
Operating System: pfSense
Weight: 2.2 lbs (1 kg)
Serial Port: 1x RJ45
Power Supply: 12V DC
RAM: 2 GB DDR3L
Dimensions: 8.5 x 6.5 x 1.75 in (216 x 165 x 44.5 mm)