Copyright © 2014 NEXCOM International Co., Ltd. All Rights Reserved.

IFA 3610/IFA 2610/IFA 1610 User Manual

Chapter 5: The Firewall Menu

Inter-Zone Firewall Settings

The inter-zone firewall can be disabled or enabled by using the Enable Inter-Zone firewall switch. When disabled, all traffic
is allowed among all the BLUE, GREEN, and ORANGE zones. Disabling the inter-zone firewall is strongly discouraged.

Log accepted Inter-Zone connections
Ticking this checkbox causes all the accepted connections among the zones to be logged.

5.5 VPN traffic

The VPN traffic firewall allows adding firewall rules that apply to the users and hosts connected via OpenVPN.

The VPN traffic firewall is normally not active. This means that, on the one hand, traffic can flow freely between the
VPN hosts and the hosts in the GREEN zone, and on the other hand, VPN hosts can access all other zones. Please note that
VPN hosts are subject neither to the outgoing traffic firewall nor to the Inter-Zone traffic firewall. Two boxes are present
on this page: one that shows the current rules and allows adding new ones, and one that allows setting the VPN firewall
options.

Current Rules

The handling and definition of the rules is identical to the outgoing traffic firewall, so please refer to that section and to
the common options for directions on the definition and handling of the firewall rules in this module.

VPN Firewall Settings

The VPN firewall can be disabled or enabled using the Enable VPN firewall switch.

Log accepted VPN connections
Ticking this checkbox causes all the accepted connections from the VPN users to be logged.
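The following script is an added example, not code from NEXCOM or from the appliance: it expresses the VPN traffic firewall behaviour described in 5.5 as a netfilter ruleset, printed rather than executed so it can be reviewed. The interface names (tun0 for OpenVPN, eth0 and eth1 for GREEN and ORANGE), the chain name VPNFW, the rule notation, and the assumption that an enabled VPN firewall drops what no rule accepts are choices made for this example; the manual does not say how the appliance implements the feature.

```shell
#!/bin/sh
# Added example, not the appliance's own code: an illustrative netfilter
# equivalent of the VPN traffic firewall described in 5.5. Interface names,
# the chain name VPNFW and the final DROP are assumptions for the example.

VPN_IF=tun0   # assumed OpenVPN tunnel interface

# field STRING N: return the N-th '/'-separated field of STRING
field() { printf '%s\n' "$1" | cut -d/ -f"$2"; }

# vpn_firewall on|off yes|no [RULE...]
#   $1 mirrors the "Enable VPN firewall" switch
#   $2 mirrors the "Log accepted VPN connections" checkbox
#   each RULE is "proto/dport/out_if/ACCEPT|DROP" (tcp or udp only)
# The iptables commands are printed, not run, so the ruleset can be
# inspected before it is applied.
vpn_firewall() {
    enabled=$1; log=$2; shift 2
    echo "iptables -N VPNFW 2>/dev/null || iptables -F VPNFW"
    # Jump to VPNFW at the top of FORWARD for traffic entering from the
    # tunnel, so VPN hosts never reach the outgoing or inter-zone chains
    # (the manual states they are subject to neither).
    echo "iptables -I FORWARD 1 -i $VPN_IF -j VPNFW"
    if [ "$enabled" = off ]; then
        # Firewall disabled: VPN hosts reach GREEN and every other zone,
        # and nothing is logged.
        echo "iptables -A VPNFW -j ACCEPT"
        return 0
    fi
    for rule in "$@"; do
        proto=$(field "$rule" 1); dport=$(field "$rule" 2)
        out_if=$(field "$rule" 3); action=$(field "$rule" 4)
        match="-p $proto --dport $dport -o $out_if"
        # "Log accepted VPN connections": a LOG target placed before the
        # ACCEPT, limited to the first packet of each connection.
        if [ "$log" = yes ] && [ "$action" = ACCEPT ]; then
            echo "iptables -A VPNFW $match -m conntrack --ctstate NEW -j LOG --log-prefix \"VPNFW:ACCEPT \""
        fi
        echo "iptables -A VPNFW $match -j $action"
    done
    # Assumption for this example: with the firewall enabled, traffic that
    # matches no rule is dropped.
    echo "iptables -A VPNFW -j DROP"
}

# Usage: only SMB file sharing on GREEN (eth0) is allowed and logged,
# RDP towards ORANGE (eth1) is refused.
vpn_firewall on yes tcp/445/eth0/ACCEPT tcp/3389/eth1/DROP
```

Running the script with the switch set to off prints just the jump and a single ACCEPT, which is the "normally not active" state the manual describes; turning it on turns every rule row into one ACCEPT or DROP line, with a preceding LOG line only for accepted connections when the checkbox is ticked.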

5.6 System access

This section governs the rules that grant or deny access to the appliance itself.

There is a list of pre-configured rules that cannot be changed, whose purpose is to guarantee the proper working of
the firewall. Some of the services supplied by the appliance must be reachable from clients in the various local zones.
Examples include the DNS resolver (which requires port 53 to be open) used to resolve remote hostnames, and the
administration web interface (which uses port 10443). Whenever one of these services is activated, one or more rules
are automatically created so that the service can be reached.

The list of the pre-defined rules is shown when clicking on the Show rules of system services button at the bottom
of the page.

More system access rules can be added by clicking on the Add a new system access rule link. The settings specific to
this module of the firewall are:

Log packets
All packets that access or try to access the appliance are logged when this checkbox is ticked. This option proves useful
to know who accessed -or tried to access- the system.

Source address
The MAC address of the host originating the incoming connection.

Source interface
The interface from which the system can be accessed.

Note:

There is no Destination address field, because the destination is always the IP address of the interface on which the
access is granted or attempted.

The available actions are to enable or disable, edit, or delete a rule in the list of rules.
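The following script is an added example, not code from NEXCOM or from the appliance: it renders the system access rules of 5.6 as a netfilter INPUT ruleset, again printed rather than executed. The interface names (eth0, eth1, eth2 for GREEN, ORANGE, BLUE), the chain name SYSACCESS, which zones the pre-defined service rules admit, the rule notation, the MAC address used in the usage call, and the final default drop are all assumptions made for this example.

```shell
#!/bin/sh
# Added example, not the appliance's own code: an illustrative netfilter
# equivalent of the system access rules described in 5.6. Interface names,
# the chain name SYSACCESS, the zones admitted by the pre-defined service
# rules and the closing DROP are assumptions for the example.

GREEN_IF=eth0
ORANGE_IF=eth1
BLUE_IF=eth2

# field STRING N: return the N-th '/'-separated field of STRING
field() { printf '%s\n' "$1" | cut -d/ -f"$2"; }

# sysaccess_rules SERVICES [RULE...]
#   SERVICES: comma-separated list of activated services (dns, webadmin);
#             each contributes the pre-defined rules the GUI adds by itself
#   each RULE: "in_if/mac|any/proto/dport/ACCEPT|DROP/log|nolog"
#     in_if -> "Source interface", mac -> "Source address", log -> "Log packets"
# There is no destination field: the INPUT chain only sees packets addressed
# to one of the appliance's own interface addresses.
sysaccess_rules() {
    services=$1; shift
    echo "iptables -N SYSACCESS 2>/dev/null || iptables -F SYSACCESS"
    echo "iptables -I INPUT 1 -j SYSACCESS"
    echo "iptables -A SYSACCESS -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Pre-defined rules of system services (not editable in the GUI).
    for svc in $(printf '%s\n' "$services" | tr , ' '); do
        case $svc in
            dns)
                # Resolver reachable from every local zone, TCP and UDP 53.
                for zif in $GREEN_IF $ORANGE_IF $BLUE_IF; do
                    echo "iptables -A SYSACCESS -i $zif -p udp --dport 53 -j ACCEPT"
                    echo "iptables -A SYSACCESS -i $zif -p tcp --dport 53 -j ACCEPT"
                done ;;
            webadmin)
                # Administration web interface on 10443; GREEN only in this example.
                echo "iptables -A SYSACCESS -i $GREEN_IF -p tcp --dport 10443 -j ACCEPT" ;;
            *)
                echo "unknown service: $svc" >&2; return 1 ;;
        esac
    done
    # User-defined system access rules.
    for rule in "$@"; do
        in_if=$(field "$rule" 1); mac=$(field "$rule" 2)
        proto=$(field "$rule" 3); dport=$(field "$rule" 4)
        action=$(field "$rule" 5); log=$(field "$rule" 6)
        match="-i $in_if -p $proto --dport $dport"
        # "Source address": restrict the rule to one MAC address.
        if [ "$mac" != any ]; then
            match="$match -m mac --mac-source $mac"
        fi
        # "Log packets": record every matching packet, accepted or not.
        if [ "$log" = log ]; then
            echo "iptables -A SYSACCESS $match -j LOG --log-prefix \"SYSACCESS:$action \""
        fi
        echo "iptables -A SYSACCESS $match -j $action"
    done
    # Assumption for this example: anything no rule admits is refused.
    echo "iptables -A SYSACCESS -j DROP"
}

# Usage: DNS and web administration are activated; one administrator
# workstation (MAC constructed for the example) may reach SSH on GREEN with
# logging, and BLUE clients are explicitly refused the web interface.
sysaccess_rules dns,webadmin \
    "eth0/00:11:22:33:44:55/tcp/22/ACCEPT/log" \
    "eth2/any/tcp/10443/DROP/nolog"
```

The point worth checking on a real appliance is the interaction between the two halves: a user rule cannot override a pre-defined service rule that precedes it, which is why the example emits the service rules first, and the MAC match only helps on the zone the host is directly attached to, since a MAC address does not survive a routed hop.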
