Add ability for firewall rules to be WAN interface sensitive


#1

Maybe this is already possible and I have just not figured out how to do it, but what I’d like to see added to the firewall rules configuration is the ability to have some of the rules be WAN interface specific.

To give you a specific example of why I’d like to see this implemented, the network I have my Pepwave Surf SOHO on has the ethernet WAN connected to a Comcast high speed connection, and the USB to an AT&T hotspot. The system falls back on the AT&T hotspot when the Comcast goes down, which it does in my area on a monthly basis, typically for a couple of hours. Obviously, the AT&T hotspot is very slow compared to the Comcast high speed connection. It also is on a pay as you go plan, so I’d like to limit large data transfers until the ethernet WAN comes back online.

However, some of the servers on the network are set up to perform offsite backups, which will clog the system if they try to run when the ethernet WAN is down. So I’d like to be able to set up a firewall rule that simply blocks those machines from accessing the Internet when the WAN connection is the USB port, and allow them when the WAN connection is the ethernet port. I don’t see a way to configure the Pepwave to do this with the present firewall rules configuration menus.


#2

This can be achieved if you force the related traffic to Comcast by using Outbound Policy. Of course, you need to know the destination IPs or ports to achieve this.


#3

How does that provide WAN specificity to the rule? Please explain or give an example.


#4

Enforced offsite backup to Comcast using Outbound Policy


Below are the scenarios with this rule in place.

  1. Comcast active, Mobile Internet standby
     • Offsite backup will go through Comcast.
     • Other traffic will go through Comcast.
  2. Comcast down, Mobile Internet active
     • Offsite backup will go through Comcast, then the traffic drops.
     • Other traffic will go through Mobile Internet.

#5

That dialog does not match the one for creating an Outbound Rule on a Pepwave Surf SOHO running firmware 6.3.1. The Outbound Rule creation dialog on a Pepwave Surf SOHO running firmware 6.3.1 looks like this:



#6

My suggestion was using Outbound Policy, not firewall. You may configure it at Advanced > PepVPN > Outbound Custom Rules. If you haven’t enabled the PepVPN, just enable it by entering a PepVPN Local ID.


#7

Thanks, I missed that.