Hi,
A detailed guide on how to define the firewall rules can be found in the product user manual (Pages 173-177).
You can download the user manual using the URL below:
If you go through the user interface for the firewall access rules, you will find that the UI is easy to understand and easy to use. There are only 3 types of firewall rules that you need to define:
1. Outbound Firewall Rules
This table displays all the configured outbound firewall rules and their details. Dragging a rule up/down can change its priority; a higher position of a rule signifies higher precedence.
For every new outbound IP session (i.e. sessions going to WAN side), rules will be matched from the top to bottom. The matching process stops when a rule is found to be matched.
If an outbound IP session does not match any of the rules listed, the Default rule will be applied.
2. Inbound Firewall Rules
This table displays all the configured inbound firewall rules and their details. Dragging a rule up/down can change its priority; a higher position of a rule signifies higher precedence.
For every new inbound IP session routed to a host on the LAN (i.e. sessions coming from WAN side), rules will be matched from the top to bottom. The matching process stops when a rule is found to be matched.
The inbound firewall rules only apply to the following types of traffic:
- Inbound WAN 1 traffic where the WAN 1 is in drop-in mode
- Inbound traffic that is defined in Inbound Services
- Inbound traffic that is defined in Inbound NAT Mappings
If an inbound IP session does not match any of the rules listed, the Default rule will be applied.
3. Internal Network Firewall Rules
This table displays all the configured internal network firewall rules and their details. Dragging a rule up/down can change its priority; a higher position of a rule signifies higher precedence.
For every new internal network IP session (i.e. sessions between LAN / VLAN / Static route networks / PepVPN networks / IPsec networks / L2TP with IPsec clients / PPTP clients), rules will be matched from top to bottom. The matching process stops when a rule is found to be matched.
If an internal network IP session does not match any of the rules listed, the Default rule will be applied.
Note: The device WebUI help menu actually explains the above types of rules and when you need to define each of them.
The complex part is actually not how to define the firewall rules; it's the IT knowledge of the applications that are running on the network. As explained earlier, you need to fully understand the required service ports for the application in order to allow the connections. There are more than millions of types of applications running on the internet, so there is no general guide for this. As mentioned, you should get that information from the application's support.
Let's further discuss the posted questions:
web traffic + Email via IMAP / SMTP with and without SSL to the most common email providers. Say Gmail and MS 365 Exchange.
- To allow Web Traffic:
Default Ports: DNS (UDP 53), HTTP (TCP 80), HTTPS (TCP 443)
Custom servers: other ports based on the servers
Firewall Rules Type: Outgoing firewall rules
- Email
Gmail: Add Gmail to another email client - Gmail Help
Office 365: Microsoft 365 URLs and IP address ranges - Microsoft 365 Enterprise | Microsoft Learn
Firewall Rules Type: Outgoing firewall rules
My understanding is that by not setting any firewall rules our doors are wide open…
This is not correct.
Outgoing firewall rules
- This only controls LAN users' access to the internet (Not Applicable)
Inbound firewall rules
The inbound firewall rules only apply to the following types of traffic:
- Inbound WAN 1 traffic where the WAN 1 is in drop-in mode
- Inbound traffic that is defined in Inbound Services
- Inbound traffic that is defined in Inbound NAT Mappings
Note: If you don't have the above defined, basically no inbound access is allowed.
InterVLANs
InterVLAN traffic and others (Not Applicable)
Thank You
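
The top-to-bottom, first-match evaluation with a Default rule described in the post above, modelled as an added example (not part of the original post and not the vendor's code), together with a check for rules that can never match because of their position. The rule names, the deny Default, and the mail ports (TCP 993 for IMAP over SSL, TCP 465/587 for SMTP) are assumptions for illustration, not values from the post.

```python
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    name: str
    proto: Optional[str]             # "tcp", "udp", or None for any protocol
    ports: Optional[FrozenSet[int]]  # destination ports, or None for any port
    action: str                      # "allow" or "deny"

    def matches(self, proto: str, dport: int) -> bool:
        return self.proto in (None, proto) and (self.ports is None or dport in self.ports)

    def covers(self, other: "Rule") -> bool:
        """True if every session matching `other` also matches this rule."""
        proto_ok = self.proto is None or self.proto == other.proto
        ports_ok = self.ports is None or (other.ports is not None and other.ports <= self.ports)
        return proto_ok and ports_ok


def evaluate(rules: List[Rule], default: str, proto: str, dport: int) -> Tuple[str, str]:
    """Top-to-bottom, first match wins; unmatched sessions get the Default rule."""
    for rule in rules:
        if rule.matches(proto, dport):
            return rule.name, rule.action
    return "Default", default


def shadowed(rules: List[Rule]) -> List[str]:
    """Rules that can never fire because a single rule above them covers them."""
    return [r.name for i, r in enumerate(rules) if any(a.covers(r) for a in rules[:i])]


# Constructed sample outbound table (names and Default action are assumptions).
OUTBOUND = [
    Rule("DNS", "udp", frozenset({53}), "allow"),
    Rule("Web", "tcp", frozenset({80, 443}), "allow"),
    Rule("Mail over SSL", "tcp", frozenset({993, 465, 587}), "allow"),  # IMAPS, SMTPS, submission
]
# Same rules, but a broad deny was dragged above the mail rule.
MISORDERED = OUTBOUND[:2] + [Rule("Block TCP", "tcp", None, "deny"), OUTBOUND[2]]

if __name__ == "__main__":
    for proto, port in [("udp", 53), ("tcp", 443), ("tcp", 993), ("tcp", 23)]:
        print(proto, port, evaluate(OUTBOUND, "deny", proto, port),
              evaluate(MISORDERED, "deny", proto, port))
    print("never matched:", shadowed(MISORDERED))
```

Running `shadowed()` over a rule table after reordering it catches the case where a broad rule placed higher silently overrides a specific one below it.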