37. Chapter - Selecting Firewall Rulesets

The firewall of the Intra2net system consists of individual, separate firewall rulesets. These rulesets can be assigned to individual objects such as clients or networks. When creating a new object, an existing firewall ruleset can be applied again. Additionally, the most important, basic rules are supplied pre-installed. This considerably simplifies configuration.

37.1. Rulesets on LAN

Each client, IP range, routing, network and VPN can be assigned one firewall ruleset using the respective menu (e.g. "Network > Intranet > Clients").

Since clients or IP ranges are always located in a network or routing at the same time, 2 firewall rulesets are assigned to them. In this case, only the rule assigned to the client or IP range is valid, the rule assigned to the network or routing is not used. These only apply to IPs from the network for which no client or IP range is configured.

[Caution]Caution

The source of a packet alone determines which firewall ruleset is used.

Therefore, a ruleset for a client contains rules for accessing other local networks as well as the Internet, VPNs, etc. Anything that comes from a client is checked against the ruleset assigned to the client.

In a group of rights (e.g. for a client) you will not only find the firewall ruleset but also settings for the proxy profile, as well as DNS and email relaying. The firewall ruleset has priority over these settings. This means that only if the firewall ruleset allows access to the proxy, the proxy profile configuration will apply.