Lantronix G520 User Guide - Page 174
Firewall Zones, Packet filtering actions
11: Network Parameters

           Description
Input      Select to accept or reject the inbound traffic to all the interfaces.
Output     Select to accept or reject the outbound traffic from all the interfaces.
Forward    Select to accept or reject the forwarded traffic from all the interfaces.

Firewall Zones

Two firewall zones, the LAN zone and WAN zone, are predefined in the gateway. All traffic from LAN to WAN has no restrictions, but all incoming traffic from a WAN source is blocked unless a port forwarding rule is set or a particular port is opened.

A zone section groups one or more interfaces and serves as source or destination for forwarding, rules, and redirects.

A zone is defined by the following rules:

- Masquerade (NAT) of outgoing traffic (WAN) is controlled on a per zone basis on the outgoing interface.
- INPUT rules describe what happens to traffic trying to reach the gateway through an interface in that zone.
- OUTPUT rules describe what happens to traffic originating from the gateway going through an interface in that zone.
- FORWARD rules describe what happens to traffic passing between different interfaces in that zone.

Packet filtering actions

- ACCEPT - traffic is allowed to pass as if there is no firewall in place. If the port at the destination is closed, a response will be returned as if a Reject rule is in place.
- DROP - the firewall discards the packet and sends no response back to the source host that sent the packet. The source host will wait for a response until a timeout occurs and may attempt to retry the connection after the timeout occurs.
- REJECT - the firewall discards the packet and sends a response back to the source host that the port is closed. Doing so can hint to the source that a packet filtering firewall is in place.

In general, use REJECT to deny traffic from trusted hosts by gracefully informing them that traffic is not allowed to pass. Use DROP to deny traffic from untrusted hosts or when you don't want to expose information about the destination host.
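The zone logic described above can be modeled in a few lines of Python to check which rule set and action apply to a given packet. This is an added example, not taken from the Lantronix guide or the gateway firmware. The interface names, ports, WAN zone policies and the cross-zone fallback are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Zone:
    name: str
    interfaces: frozenset
    input: str    # traffic trying to reach the gateway through this zone
    output: str   # traffic originating from the gateway through this zone
    forward: str  # traffic passing between interfaces in this zone

# Constructed sample configuration: interface names, ports and the WAN
# policies are assumptions chosen to match the defaults the page describes.
ZONES = (
    Zone("lan", frozenset({"br-lan"}), "ACCEPT", "ACCEPT", "ACCEPT"),
    Zone("wan", frozenset({"wwan0", "eth1"}), "DROP", "ACCEPT", "DROP"),
)
FORWARDINGS = {("lan", "wan")}          # LAN to WAN: no restrictions
OPEN_PORTS = {("wan", "tcp", 443)}      # port opened on the gateway itself
PORT_FORWARDS = {("wan", "tcp", 8080)}  # redirected to a host in the LAN

def zone_of(iface):
    """Return the zone that contains the given interface."""
    for zone in ZONES:
        if iface in zone.interfaces:
            return zone
    raise ValueError(f"interface {iface!r} is not in any zone")

def decide(in_if, out_if, proto="tcp", dport=None):
    """Return (rule set, action). in_if=None: packet originates from the
    gateway. out_if=None: packet is addressed to the gateway itself."""
    if in_if is None:
        return ("OUTPUT", zone_of(out_if).output)
    src = zone_of(in_if)
    if out_if is None:
        key = (src.name, proto, dport)
        if key in PORT_FORWARDS:        # redirect wins over the zone policy
            return ("FORWARD", "ACCEPT")
        if key in OPEN_PORTS:
            return ("INPUT", "ACCEPT")
        return ("INPUT", src.input)
    dst = zone_of(out_if)
    if src != dst and (src.name, dst.name) in FORWARDINGS:
        return ("FORWARD", "ACCEPT")
    # Same zone, or no forwarding between the zones: the source zone's
    # FORWARD policy applies (the cross-zone fallback is an assumption).
    return ("FORWARD", src.forward)
```

Changing the WAN zone's `input` value from `DROP` to `REJECT` in the sample shows how the same unsolicited WAN packet would instead receive a port-closed response.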
To configure firewall zones:

1. Go to Network > Firewall.
2. To add and configure a new firewall zone, click Add.
3. To modify settings for an existing firewall zone, click Edit.
4. Enter or modify the firewall zone settings. See Table 11-24.
5. Click Save.

Table 11-24 Firewall Zones Configuration (LAN)

Parameters          Description
General Settings
Name                Enter the name of the zone.

G520 Series IoT Cellular Gateway User Guide 174