This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

[Need help]Firewall

Hi everybody, I'm using astaro 220(v8). Please help me create firewall rule :
- 10.0.0.*** (255.0.0.0): can use all service(port)
- 10.0.1.*** (255.0.0.0): can use email only.
I have try create 2 rule :
1. 10.0.0.0/24 - any - any : allow
2. 10.0.1.0/24 - Email Messaging - any

But user in IP range 10.0.1.*** can use internet ...
Please help me, thx

This thread was automatically locked due to age.

Parents

0 hotsummerboy over 13 years ago

- Astaro 220 has 8 NICs,
- Yes, 2 range on same NIC
- SOme people in same room allowed use internet and some peoples not allowed (email only) and both can share documents together
How do you set up the rules for my situation? Thx for answer
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 hotsummerboy over 13 years ago

- Astaro 220 has 8 NICs,
- Yes, 2 range on same NIC
- SOme people in same room allowed use internet and some peoples not allowed (email only) and both can share documents together
How do you set up the rules for my situation? Thx for answer
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 RFCat_vk_01 over 13 years ago in reply to hotsummerboy

Hi,
easy to setup, hard to police.

How do you plan to restrict the people (PCs/laptops) the correct IP address range? If you plan on fixed IP, what is to stop people from changing their IP address?
You setup filters for the ranges, but you make sure your ranges are seperate eg DHCP 10.0.1.***/24 and DHCP 10.0.0.***/24 and your filters will work.
The other problem is your rule of any -> any -> allow that means any/everyone on the internet can use your ASG.
Rangea -> any (port) -> any destination -> allow
Rangeb -> mail group (ports) -> any destination -> allow
This also assumes you have NAT (MASQ) in place?

What features does you ASG 220 have?
Mail protection, web protection?

Ian
Cancel
Vote Up 0 Vote Down

Cancel