Intranet Rules

This topic is ONLY relevant to security gateways. It is NOT relevant to managed switches.

Overview


Figure 1.  Example Intranet Rules Page

The Intranet Rules page (Fig. 1) allows you to manage firewall rules for the selected Mako that affect traffic within each local area network (LAN).  You can create both basic and advanced intranet firewall rules.

If no custom rules have been created, the default rules will be used.  The default rules do not allow any intranet traffic within your network, ensuring maximum network security.

Firewall rules are applied in order, from top to bottom, as they appear on this page.
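The following added example (not part of this page or of the Mako product) models the behaviour described in this overview and in the Add Intranet Rule forms: ordered rules with source/destination in CIDR notation, a TCP/UDP port-range service, an Allow/Deny action, first match wins, and a default of denying all intranet traffic. It assumes a basic rule's Source Network maps to that LAN's CIDR, and it treats a rule that an earlier rule fully covers as "ineffective"; the page does not define that icon, so the shadowing check is an assumption about one possible cause.

```python
import ipaddress
from dataclasses import dataclass

def _net(cidr):
    return ipaddress.ip_network(cidr, strict=False)

@dataclass(frozen=True)
class Service:
    proto: str        # "TCP" or "UDP", as chosen on the Add Service form
    start_port: int
    end_port: int
    def covers(self, other):  # True when every proto/port in other is in self
        return (self.proto == other.proto and self.start_port <= other.start_port
                and other.end_port <= self.end_port)

@dataclass(frozen=True)
class Rule:
    source: str       # source IP address/mask, CIDR notation
    destination: str  # destination IP address/mask, CIDR notation
    service: Service
    action: str       # "Allow" or "Deny"
    comment: str = ""
    def matches(self, src_ip, dst_ip, proto, port):
        return (ipaddress.ip_address(src_ip) in _net(self.source)
                and ipaddress.ip_address(dst_ip) in _net(self.destination)
                and self.service.covers(Service(proto, port, port)))

def evaluate(rules, src_ip, dst_ip, proto, port):
    """Top to bottom, first match decides; no match falls back to denying all intranet traffic."""
    for rule in rules:
        if rule.matches(src_ip, dst_ip, proto, port):
            return rule.action
    return "Deny"

def raise_priority(rules, index):
    """Move the rule at index up one position, as the up-arrow button does."""
    rules = list(rules)
    if index > 0:
        rules[index - 1], rules[index] = rules[index], rules[index - 1]
    return rules

def shadowed(rules):
    """Indices of rules an earlier rule fully covers, so they never match (assumed cause of 'ineffective')."""
    return [i for i, r in enumerate(rules) if any(
        _net(r.source).subnet_of(_net(e.source)) and _net(r.destination).subnet_of(_net(e.destination))
        and e.service.covers(r.service) for e in rules[:i])]

# Constructed sample: a LAN-wide deny listed above a narrower allow makes the allow ineffective.
HTTPS = Service("TCP", 443, 443)
RULES = [Rule("192.168.1.0/24", "192.168.2.0/24", HTTPS, "Deny", "no LAN1 to LAN2 HTTPS"),
         Rule("192.168.1.0/24", "192.168.2.10/32", HTTPS, "Allow", "except the intranet web server")]
```

Raising the second rule one position (`raise_priority(RULES, 1)`) turns the web-server exception from shadowed into effective without changing any other outcome.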

Basic Settings

Use the Basic Settings tab (Fig. 1) to manage basic intranet firewall rules.  If you need more control over the handling of intranet traffic than is provided here, you can use the Advanced Settings tab instead.

Add Intranet Rule


Figure 2.  Add Intranet Rule Form

Use the Add Intranet Rule form (Fig. 2) to add a new intranet firewall rule.

Source Network

Choose the LAN that is the source of the intranet traffic to which the new rule will apply.

Destination IP Address

Enter the internal IP address and network mask (in CIDR notation) that is the destination of the intranet traffic to which the new rule will apply.  This can be a single device or an entire LAN.

Alternatively, use the Network dropdown to choose the entire LAN that is the destination of the intranet traffic to which the new rule will apply.

Service Type


Figure 3.  Example Service Type Selector

Use the service type selector (Fig. 3) to specify the service type of the intranet traffic to which the new rule will apply. The service type selector will display a Search Results list as you type.  Below the Search Results list, you will see lists of Recent Services (if any have been selected recently) and Common Services.  If the desired service type is visible in one of these lists, click the service type to select it.  Otherwise, click the “Add new service” link below the selector to open the Add Service page (Fig. 4) in a new window.


Figure 4.  Example Add Service Page

Use the Add Service form (Fig. 4) to add a new service type by choosing a Protocol (either “TCP” or “UDP”), entering Start Port and End Port values, and then clicking the “Add Service” button.

Action

Choose whether to allow or deny the intranet traffic to which the new rule will apply.  This is set to “Deny” by default. Click the “Allow” radio button to allow the traffic instead.

Comments

Enter any additional comments you may have regarding this rule.  These comments are restricted to a maximum of 64 characters.

Add Button

To create the new intranet firewall rule, click the “Add” button.

Existing Intranet Rules


Figure 5.  Example Existing Intranet Rules List

The Existing Intranet Rules list (Fig. 5) is where you can manage existing intranet firewall rules.  Rules are grouped by Source IP Address in this list, and each rule shows the following columns:

  • Destination – internal destination IP address and network mask to which the rule applies
  • Service – service type to which the rule applies
  • Attributes – icons indicating whether the rule is allowing or denying traffic, whether or not the rule is an advanced rule, whether or not the rule is ineffective, whether or not tracing is enabled, and whether or not tracing could degrade performance
  • Comments – comments describing the rule
  • Options – edit, delete, and raise priority buttons

Edit Intranet Rule


Figure 6.  Example Edit Intranet Rule Form

To edit a firewall rule, click its gear icon button in the Options column. This will open the Edit Intranet Rule form (Fig. 6) in a new window.

See the advanced Add Intranet Rule form below for a description of the Trace Logging field.

Make any desired changes, then click the “Save” button.

Raise Intranet Rule Priority

To raise an intranet firewall rule one position in its Source IP Address list group, click its up arrow icon button in the Options column.

Firewall rules are applied in order, from top to bottom, within the list group.

Delete Intranet Rules

To delete an intranet firewall rule, click its “-” icon button in the Options column.  This will open a confirmation panel asking you to confirm the deletion.  If you are certain you want to delete the intranet firewall rule, click the “OK” button.

To delete ALL existing intranet firewall rules for a Source IP Address list group at the same time, click the “Delete All” button at the bottom of the Source IP Address list group.  This will open a confirmation panel asking you to confirm the deletions.  If you are certain you want to delete ALL existing intranet firewall rules in the Source IP Address list group, click the “OK” button.  This will delete BOTH basic and advanced intranet firewall rules.

Advanced Settings


Figure 7.  Example Advanced Settings Tab

Use the Advanced Settings tab (Fig. 7) to manage advanced intranet firewall rules.

Add Intranet Rule


Figure 8.  Advanced Add Intranet Rule Form

Use the advanced Add Intranet Rule form (Fig. 8) to add a new advanced intranet firewall rule.

Source IP Address/Mask

Enter the internal IP address and network mask (in CIDR notation) that is the source of the intranet traffic to which the new rule will apply.  This can be a single device or an entire LAN.

As a convenience, you can click the “Network Mask” button to open a new window containing a list of network mask values, then click the desired value to populate Source IP Mask.

Destination IP Address/Mask

Enter the internal IP address and network mask (in CIDR notation) that is the destination of the intranet traffic to which the new rule will apply.  This can be a single device or an entire LAN.

As a convenience, you can click the “Network Mask” button to open a new window containing a list of network mask values, then click the desired value to populate Destination IP Mask.

Service Type

Use the service type selector to specify the service type of the intranet traffic to which the new rule will apply.  The service type selector will filter its results as you type.

See the Service Type field in the basic Add Intranet Rule form for a full description of how to use the service type selector.

Action

Choose whether to allow or deny the intranet traffic to which the new rule will apply.  This is set to “Deny” by default. Click the “Allow” radio button to allow the traffic instead.

Trace Logging

Trace logging allows you to trace individual IP connections allowed and denied through the firewall.  The trace information can be viewed on the Reports >> Syslogs page by selecting the “Firewall Logs” type.  Trace logging is disabled by default. To enable it, click the “Enable trace logging” checkbox.  Trace logging can negatively impact performance and should only be enabled while troubleshooting firewall-related connection problems.  Trace logging is disabled automatically after four days.

Comments

Enter any additional comments you may have regarding this rule.  These comments are restricted to a maximum of 64 characters.

Add Button

To create the new intranet firewall rule, click the “Add” button.

Existing Intranet Rules


Figure 9.  Example Advanced Existing Intranet Rules List

The advanced Existing Intranet Rules list (Fig. 9) is where you can manage existing advanced intranet firewall rules.  Rules are grouped by Source IP Address in this list, and each rule shows the following columns:

  • Source – internal source IP address and network mask to which the rule applies
  • Destination – internal destination IP address and network mask to which the rule applies
  • Service – service type to which the rule applies
  • Attributes – icons indicating whether the rule is allowing or denying traffic, whether or not the rule is an advanced rule, whether or not the rule is ineffective, whether or not tracing is enabled, and whether or not tracing could degrade performance
  • Comments – comments describing the rule
  • Options – edit, delete, and raise priority buttons

Edit Intranet Rule

To edit a firewall rule, click its gear icon button in the Options column. This will open the Edit Intranet Rule form (Fig. 6) in a new window.

Make any desired changes, then click the “Save” button.

Raise Intranet Rule Priority

To raise an intranet firewall rule one position in its Source IP Address list group, click its up arrow icon button in the Options column.

Firewall rules are applied in order, from top to bottom, within the list group.

Delete Intranet Rules

To delete an intranet firewall rule, click its “-” icon button in the Options column.  This will open a confirmation panel asking you to confirm the deletion.  If you are certain you want to delete the intranet firewall rule, click the “OK” button.

To delete ALL existing intranet firewall rules for a Source IP Address list group at the same time, click the “Delete All” button at the bottom of the Source IP Address list group.  This will open a confirmation panel asking you to confirm the deletions.  If you are certain you want to delete ALL existing intranet firewall rules in the Source IP Address list group, click the “OK” button.  This will delete BOTH basic and advanced intranet firewall rules.
