Packet Filter Rules on Astaro Security Gateway

  • Article ID: 115091
  • Updated: 31 May 2012

By default, all traffic is blocked and not allowed to pass through the Astaro Security Gateway. To allow traffic, packet filter rules must be added.

Known to apply to the following Sophos product(s) and version(s)
Astaro Security Gateway

Operating systems
V7, V8, V9

What To Do

Example task: allow a DMZ network access to the Internet but restrict all access to the internal network.

Go to Network Security >> Packet Filter

Click on the '+ New Rule' button 

Group:  This group is user created and can be left as No Group.

Position: Choose where the rule will sit in the list; rules are evaluated from top to bottom.

Source: When selecting the Source, you have the option to create a new definition by clicking on the plus sign icon, or to choose a definition that has already been created by clicking on the folder icon. Drag and drop the selected definition into place.

Service: When selecting the Service, you have the option to create a new definition by clicking on the plus sign icon, or to choose a definition that has already been created by clicking on the folder icon. Drag and drop the selected definition into place.

Destination: When selecting the Destination, you have the option to create a new definition by clicking on the plus sign icon, or to choose a definition that has already been created by clicking on the folder icon. Drag and drop the selected definition into place.

Action: Select Allow, Drop, or Reject

Time Event: Select the applicable time event, if any

Log Traffic: If the Log Traffic checkbox is selected, traffic matching this rule is shown in the packet filter live log, color-coded by action:
  Allow - Green
  Drop - Red
  Reject - Yellow

Comment: Add a comment if desired


DMZ Example

Example of the two rules required for a DMZ that drops all traffic to the internal network but allows all traffic to the Internet.

Group: DMZ
Position: Group Top
Source: DMZ (network)
Service:  Any
Destination: Internal (network)
Action: Drop
Time Event: Always
Log Traffic: Check
Comment: Drop all DMZ traffic to the internal network and log

Group:  DMZ
Position: Group Bottom
Source: DMZ (network)
Service:  Any
Destination:  Any
Action: Allow
Time Event: Always
Log Traffic: No
Comment: Allow all DMZ traffic to the Internet
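
Why the Drop rule has to sit above the Allow rule: the following is an added illustration, not Astaro code, that models the two rules above and evaluates them top to bottom. It assumes the first matching rule decides the packet; the network addresses and the names Rule, evaluate and audit_shadowed are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample networks; the article does not give addresses.
DMZ = ipaddress.ip_network("192.168.20.0/24")
INTERNAL = ipaddress.ip_network("192.168.10.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")

@dataclass(frozen=True)
class Rule:
    source: ipaddress.IPv4Network
    destination: ipaddress.IPv4Network
    action: str   # "Allow", "Drop" or "Reject"
    log: bool
    comment: str

# The two rules from the DMZ example, in the article's order (Group Top first).
DMZ_RULES = [
    Rule(DMZ, INTERNAL, "Drop", True, "Drop all DMZ traffic to the internal network and log"),
    Rule(DMZ, ANY, "Allow", False, "Allow all DMZ traffic to the Internet"),
]

def evaluate(rules, src, dst):
    """Walk the rules top to bottom; return (action, logged) of the first match.
    Service is Any in both example rules, so only addresses are compared.
    Traffic that matches no rule falls through to the default block."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if src_ip in rule.source and dst_ip in rule.destination:
            return rule.action, rule.log
    return "Default block", False

def audit_shadowed(rules):
    """Return comments of rules that can never take effect because a single
    earlier rule with a different action covers their source and destination."""
    shadowed = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if (later.source.subnet_of(earlier.source)
                    and later.destination.subnet_of(earlier.destination)
                    and later.action != earlier.action):
                shadowed.append(later.comment)
                break
    return shadowed
```

With the rules in the article's order, DMZ-to-internal traffic is dropped and logged; with the order reversed, the Allow rule matches first and audit_shadowed reports the Drop rule as unreachable.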

 
If you need more information or guidance, then please contact technical support.
