Security Gateway Manual SG-3100
Create an RFC1918 alias, or an alias containing at least the local/private networks on this firewall, such as VPNs. Using all
of the RFC1918 networks is a safer practice.
• Navigate to Firewall > Aliases
• Click Add
• Configure it as follows:
Name PrivateNets
Description Private Networks
Type Network(s)
• Add entries for:
– 192.168.0.0/16
– 172.16.0.0/12
– 10.0.0.0/8
• Click Save
• Navigate to Firewall > Rules, on the OPTx tab (or the custom name)
Add rule to pass DNS to firewall (or other DNS servers)
• Click to add a new rule at the bottom of the list.
• Configure the rule as follows:
Action Pass
Interface OPTx (or the custom name)
Protocol TCP/UDP
Source OPTx Net (or the custom name)
Destination This Firewall (self)
If clients are to use DNS servers other than the firewall, use those as the destination instead.
Destination Port Range DNS, or choose Other and enter 53
To allow DNS over TLS as well, add another rule for DNS over TLS or port 853.
Description Text describing the rule, e.g. Allow clients to resolve DNS through
the firewall
• Click Save
Add rule to pass ICMP to firewall
• Click to add a new rule at the bottom of the list.
• Configure the rule as follows:
Action Pass
Interface OPTx (or the custom name)
Protocol ICMP
ICMP Subtype Any is OK in this case. ICMP is useful, but some people prefer to limit it to Echo
Request only, to allow ping and nothing else.
© Copyright 2022 Rubicon Communications LLC
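An added example (not from the Netgate manual): a small Python model of the PrivateNets alias and the two pass rules configured above, evaluated first-match with the firewall's default deny, to check what the rule set admits and what it does not. The OPTx subnet 192.168.50.0/24, the firewall address 192.168.50.1 and all function names are assumptions made for the example; the ICMP rule's destination is taken from its heading.

```python
import ipaddress

# Alias entries exactly as listed on the page (PrivateNets).
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("192.168.0.0/16", "172.16.0.0/12", "10.0.0.0/8")]

# Constructed values, not from the page: the OPTx subnet and firewall address.
OPT_NET = ipaddress.ip_network("192.168.50.0/24")
FIREWALL_ADDRS = {ipaddress.ip_address("192.168.50.1")}


def in_private_nets(addr):
    """True if addr falls inside any entry of the PrivateNets alias."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE_NETS)


def build_rules(allow_dot=False, echo_only=False):
    """The pass rules from the page, in the order they are added to the tab."""
    dns_ports = {53, 853} if allow_dot else {53}  # 853 = DNS over TLS
    rules = [{"proto": {"tcp", "udp"}, "ports": {p}} for p in sorted(dns_ports)]
    icmp_types = {"echoreq"} if echo_only else None  # None models subtype "Any"
    rules.append({"proto": {"icmp"}, "icmp_types": icmp_types})
    return rules


def evaluate(pkt, rules):
    """First matching rule passes; unmatched traffic falls to the default deny."""
    src = ipaddress.ip_address(pkt["src"])
    dst = ipaddress.ip_address(pkt["dst"])
    # Every rule modelled here is Source: OPTx net, Destination: This Firewall.
    if src not in OPT_NET or dst not in FIREWALL_ADDRS:
        return "block"
    for rule in rules:
        if pkt["proto"] not in rule["proto"]:
            continue
        if "ports" in rule and pkt.get("port") not in rule["ports"]:
            continue
        if rule.get("icmp_types") and pkt.get("icmp_type") not in rule["icmp_types"]:
            continue
        return "pass"
    return "block"
```

With only these two rules in place, a client on OPTx can resolve names through the firewall and ping it, while DNS sent to any other server and DNS over TLS (until the port 853 rule is added) fall through to the default deny.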