Due to additional security measures, we have implemented Multi-Factor Authentication (MFA) on this Support Portal. Please log in using your registered email ID or phone number. In case of any difficulty, kindly reach out to Seqrite Support by emailing us at "support@seqrite.com".
  1. Home
  2. Solutions
  3. How-To Articles
  4. How to create custom firewall rules in UTM

How-To Articles

How to create custom firewall rules in UTM

04-03-2020 12:02:20

Overview

Custom firewall rules are user-defined rules which offer flexibility in customizing the security policy. We have to allow-disallow the services to be accessed by defining these custom rules.

Applicable Version: All

Steps for Custom rule configuration:

A) LAN to WAN custom rule:

B) LAN to LAN custom rule:

A) LAN to WAN custom rule:

1) Go to Firewall --> Custom Rules.

2) Click on Add to configure the custom rule.

3) Enter the details.

Name: Enter Name to rule.

Action: Select Action type to Accept.

Description: Enter description if any.

4) Select Source Settings.

Zone: Select the Source Zone (zone which is trying to communicate).

Interface: Select the Source interface.

Note: Here we have selected LAN as a Source Zone because we are configuring LAN to WAN custom rule.

5) Add the Source IP addresses.

6) Browse the Source IP definition from the Existing network definitions. If Source IP is not present in the existing definitions, then go to next step.

7) Click on create definition to add new source IP/network definition.

8) Enter the details.

Name: Enter the network definition name.

Comments: Enter Comments if any.

Type: Select Definition type. Types available are:

a. Host: Select this type to add single IP address.

b. IP Range: Select this type to add continuous IP range.

c. IP List: Select this type to add multiple random IPs.

d. Network: Select this type to add entire network.

9) Click to Add the Services to be access.

10) Browse the Service Definition from the existing Definitions and if required service is not available then go to next step.

11) Click on Create Definition to Add new Service Definition.

12) Enter the details.

Name: Enter the name for definition.

Comments: Enter Comments if any.

Protocol: Select the protocol of the port.

Destination port: Enter the destination port number i.e., required service to be access

Click on Save to Apply the changes.

13) Select the Destination Zone and Interface.

14) Browse the network definition to add the Destination IP address. And if a destination IP address is not present in the existing definitions, then go to next steps.

15) Click on Create definition to add new network definition.

16) Enter the details.

Name: Enter the name for definition.

Comments: Add comments if any.

Type: Select Definition type. Types available are:

a. Host: Select this type to add single IP address.

b. IP Range: Select this type to add continuous IP range.

c. IP List: Select this type to add multiple random IPs.

d. Network: Select this type to add entire network.

Click on Save to Apply the changes and you will see below page.

17) Set the advanced settings.

Active: Select the status of the rule whether active or inactive.

Enable Logs: Select this option if you want to enable log activities for the firewall rule.

Apply NAT: This option is used to translate the source IP address of a host of outgoing traffic. These are of the following two types:

a. Masquerade: Masquerade dynamically translates the IP address. If This option is selected, then whatever address is on that outgoing interface will be applied to all the outgoing packets.

b. SNAT: SNAT applies static IP address to the outgoing packets This option requires IP address of outgoing interface to be entered.

18) Click on Apply to save the changes.

B) LAN to LAN custom rule:

1) Go to Firewall --> Custom Rules.

2) Click on Add to configure the custom rule.

3) Enter the details.

Name: Enter Name to rule.

Action: Select Action type to Accept.

Description: Enter description if any.

4) Select Source Settings.

Zone: Select the Source Zone (zone which is trying to communicate).

Interface: Select the Source interface.

Note: Here we have selected LAN as a Source Zone because we are configuring LAN to LAN custom rule.

5) Add the Source IP addresses.

6) Browse the Source IP definition from the existing network definitions. If Source IP is not present in the existing definitions, then go to next step.

7) Click on create definition to add new source IP/network definition.

8) Enter the details.

Name: Enter the network definition name.

Comments: Enter Comments if any.

Type: Select Definition type. Types available are:

a. Host: Select this type to add single IP address.

b. IP Range: Select this type to add continuous IP range.

c. IP List: Select this type to add multiple random IPs.

d. Network: Select this type to add entire network.

9) Click to Add the Services to be access.

10) Browse the Service Definition from the existing definition and if required service is not available then go to next step.

11) Click on Create Definition to Add new Service Definition.

12) Enter the details.

Name: Enter the name for definition.

Comments: Enter Comments if any.

Protocol: Select the protocol of the port.

Destination port: Enter the destination port number i.e., required service to be access

Click on Save to Apply the changes.

13) Select the Destination Zone and Interface.

14) Browse the network definition to add the Destination IP address. And if a destination IP address is not present in the existing definitions, then go to next steps.

15) Click on Create definition to add new network definition.

16) Enter the details.

Name: Enter the name for definition.

Comments: Add comments if any.

Type: Select Definition type. Types available are:

a. Host: Select this type to add single IP address.

b. IP Range: Select this type to add continuous IP range.

c. IP List: Select this type to add multiple random IPs.

d. Network: Select this type to add entire network.

Click on Save to Apply the changes and after that you will see below page.

17) Set the advanced settings.

Active: Select the status of the rule whether active or inactive.

Enable Logs: Select this option if you want to enable log activities for the firewall rule.

Apply NAT: This option is used to translate the source IP address of a host of outgoing traffic. These are of the following two types:

a. Masquerade: Masquerade dynamically translates the IP address. If This option is selected, then whatever address is on that outgoing interface will be applied to all the outgoing packets.

b. SNAT: SNAT applies static IP address to the outgoing packets This option requires IP address of outgoing interface to be entered.

Click on Apply to save the changes and you will see below page.

Steps to Enable and Disable the Custom Rule:

1. Go to Custom rule as shown below.

2. Select below button to disable the custom rule.

3. After clicking on the below button Below custom rule will disable and not function.


Please contact Seqrite Technical Support for more assistance