Configure a firewall

Firewall - A firewall has three ports, also called interfaces. These ports include:

  • Upper port - the outside, or untrusted, interface (eth0)

  • Lower left-hand port - the inside, or trusted, interface (eth1)

  • Lower right-hand port - the DMZ (demilitarized zone) interface (eth2)

To configure a firewall

Follow these steps to configure a firewall:

  1. Open the infrastructure in the Editor.

  2. With the infrastructure open in the Editor, right-click the firewall to be configured and select [Configure]. The Configure Firewall dialog opens.

  3. Make any wiring connections necessary.

Basic Information

  1. In the Name field, give the firewall a unique name (this must be done during design). If no name is specified, each element is given a default name as it is added, for example, Firewall1, Firewall2.

  2. From the Type drop-down list, select the type of firewall you want.

  3. From the Def. Gateway drop-down, select a device as the default Gateway.

  4. From the Interface radio buttons, select Outside, Inside, or DMZ. (Each port (interface) is configured separately, but the steps are the same.)

1-to-1 NAT Mapping - The NAT Mapping area gives a view of the DNS and IP allocation for the selected interface.

  1. The DNS entry field displays the name of the element, as it will appear in the DNS.

  2. The IP address field displays the IP address of the firewall or Set Upon Activation if the infrastructure is not active.

  3. For each interface that is referenced inside a firewall interface's rule configuration, there will be an IP address allocated on the same subnet as the current interface. A DNS entry will be created for that address.

Access Settings

  1. To add an access rule, click the button under the Access column, and a row of Access Rule fields appears.

  2. Click the Deny/Allow toggle button as needed to select Allow or Deny for the rule.

  3. Under the Service column, select the service you want to assign to the port you're configuring from the Service drop-down list, or define a custom service. If you click Custom, two fields appear: Protocol and Port. Enter the numbers, or click to choose a protocol from the Protocol drop-down list.

  4. Under the From column, click either By IP & Mask or By Name to indicate how you want the From rule to be set. By Name is the default.
    If you selected By IP & Mask, type the IP address to which you want to allow or deny access in the IP Address field. To allow or deny access to a range of addresses, enter the mask number; there is no maximum.

  5. From the Interface drop-down list in the From area, select a device from those present, or leave the default as the selected item, depending on your configuration and needs.
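
The following is an added example, not part of the original help page or the product. It models an access rule with the fields described above (Allow/Deny, custom Protocol and Port, From By IP & Mask) to show which source addresses an IP and mask pair actually covers. The class and function names, the sample rules, and the first-match, default-deny evaluation order are assumptions made for illustration; the page does not state how the product orders its rules.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class AccessRule:            # hypothetical model of one Access Rule row
    action: str              # "allow" or "deny" (the Deny/Allow toggle)
    protocol: str            # custom service: Protocol field
    port: int                # custom service: Port field
    ip: str                  # From: IP Address field
    mask: str                # From: mask, prefix length ("24") or dotted form

    def network(self):
        # strict=False accepts an address with host bits set, e.g. 192.0.2.10
        # with mask 255.255.255.0, and normalises it to 192.0.2.0/24.
        return ipaddress.ip_network(f"{self.ip}/{self.mask}", strict=False)

    def has_host_bits(self):
        # True when a host address was typed but the mask widens the rule to
        # a whole range, a common source of unintentionally broad rules.
        net = self.network()
        return net.num_addresses > 1 and ipaddress.ip_address(self.ip) != net.network_address

    def matches(self, src, protocol, port):
        return (protocol == self.protocol and port == self.port
                and ipaddress.ip_address(src) in self.network())

def evaluate(rules, src, protocol, port, default="deny"):
    # Assumption: the first matching rule wins; unmatched traffic gets `default`.
    for rule in rules:
        if rule.matches(src, protocol, port):
            return rule.action
    return default

def audit(rules):
    # Review aid: every allow rule that covers more than a single host.
    return [(str(r.network()), r.network().num_addresses, r.has_host_bits())
            for r in rules if r.action == "allow" and r.network().num_addresses > 1]

# Constructed sample rules using documentation address ranges.
RULES = [
    AccessRule("deny", "tcp", 22, "192.0.2.77", "32"),
    AccessRule("allow", "tcp", 22, "192.0.2.10", "255.255.255.0"),
    AccessRule("allow", "tcp", 443, "0.0.0.0", "0"),
]

if __name__ == "__main__":
    for net, count, widened in audit(RULES):
        print(f"allow rule covers {net} ({count} addresses), host bits set: {widened}")
    print(evaluate(RULES, "192.0.2.200", "tcp", 22))
```
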

When finished making settings

  1. Click [OK] to save your changes.
