
Question on firewall rules (XG210 17.0.0)

Hi,

I am using an XG210 with 17.0.0 firmware in gateway mode.

I have a 1-to-1 NAT host in the LAN with a specific WAN IP.

It works if I configure a business application rule for services ICMP, SMTP and SSH with a reflexive rule.

However, it seems the reflexive rule permits any traffic from the LAN, e.g. DNS and HTTP.

How should I block DNS and HTTP services?

The other question is how can I restrict access to SMTP and SSH by source?

E.g. permit SMTP from 1.2.3.4 only and permit SSH from 5.6.7.8 only.

Please advise. Thank you!



  • Thank you, Ian

    Should I build a business application rule for each service with a different source?

    Or a single business application rule to permit all necessary services and sources with reflexive enabled, then add a user/network rule to reject before it?

    I am confused about how they work.
