It would be nice to be able to create a service with as many different applications and ports as desired and put these services in a group and just attach that group to 1 firewall rule and/or outbound policy. Basically like SonicWall or Sophos. Makes things much easier to manage and not have to create tons of different rules for 1 application.
And the same applied to Networks. Ex: Group - VoIP Trusted Networks - 64.94.196.0/23, 198.58.40.0/21 and just apply this group to firewall rules and outbound policies.
Hey, I am just wondering if the zoning feature as talked about was still on the roadmap for 6.4.0? We would like to be able to create firewall rules as requested above and also zone VPN connections to specific LANs, etc.
We are reluctant to move our larger clients with numerous firewall rules that would take so much more time to configure rules for without being able to create address objects to bundle multiple IP addresses to the same rule.
This feature was supposed to be released for version 6.4 and was to be available by year end last year.
Please update when we can expect to see this capability.
That’s great to hear. We’ve had a few enterprise-size deployments raise red flags with the lack of this feature; however, if you can confirm that it will be by the end of this year, we’ll add a note in our proposals regarding this.
No, you can’t do that locally on the device (well, not as easily). You could download the configuration file and then upload the file to your other devices. However, this config file will contain more than just the Outbound policy and firewall rules, so you may need to “adjust” settings which are overwritten using this method.
You won’t be able to apply the config file to differing models either, so a config file from a BR1 can’t be uploaded to a Balance One, for instance.
Am I wrong if I say this will be achieved in version 8 with the new option “Grouped Networks” in routers?
It seems in any case a step in the right direction.
What I am still missing though is “default zones” like we would find in all other firewalls (Sophos, SonicWall, Juniper, …). Also I am not sure how to use this with automatic Outbound rules and Automatic Firewall rules from ICA as that still uses imports of conf files.