Network Rules
Overview

Rules define behavior for incoming and outgoing traffic in the network, providing the functionality traditionally provided by firewalls, routers, and switches.

Rule Types

- Firewall (action = accept / drop / reject): Allows controlling the network's traffic by filtering packets both in and out, only allowing packets to pass through if they match established rules. These rules are typically related to securing the network.
- NAT / PAT (action = translate): Provides network address/port translation. Commonly used to conserve external/internal IP addresses by translating public addresses through to private IP addresses. NAT/PAT also allows "hiding" true addresses of network computers, with the translation of external IP/port to internal address/port.
- Static routes (action = route): Allows controlling traffic paths from the network. A common use would be to provide a default gateway, which allows routing traffic out of a private network through an external network for internet access.

Order of Rules

Rules are evaluated from top to bottom, and the order directly affects behavior. In some cases, changing the sequence can produce different outcomes. For example, a NAT or PAT rule that translates traffic to a new port may interact differently with a rule that blocks traffic by port, depending on which one is applied first. Because of this, rule ordering should be treated as a deliberate and important part of network design.

Modify Rule Order

Rule ordering is controlled by relative placement rather than direct repositioning. Instead of dragging a rule to a specific position, you select one or more rules and then choose which existing rule they should execute before. The system then reorders the selected rules accordingly.

1. From the top menu, click Networks > List.
2. Select the desired network.
3. From the left menu, click View.
4. From the left menu, click Rules.
5. Select the desired rule.
6. Determine the rule the desired rule should be moved above.
7. Click the 🡐 move icon on the far right of the rule you wish to move.

Pin a Rule

Pinning a rule will ensure the rule is always at the top or bottom of the ruleset.

1. From the top menu, click Networks > List.
2. Select the desired network.
3. From the left menu, click View.
4. From the left menu, click Rules.
5. Select the desired rule.
6. From the left menu, click Edit.
7. Select Pin:
   - Bottom: pin the rule to the very bottom of the ruleset.
   - No (default): does not pin the rule.
   - Top: pin the rule to the very top of the ruleset.
8. Click Submit.

Rule Fields

- Alias: Selects an alias IP defined on the selected network.
- Any/None: Any source address; no filter on source addresses.
- Custom: Provides a text input field where a specific filter can be entered:
  - Individual IP address: 192.168.1.200
  - CIDR network: 10.10.4.0/27
  - IP range: 192.168.1.50-192.168.1.55

Any specific IP address or network can be entered using the Custom option; however, it's typically best to use one of the helper options to select a variable. Using a helper option rather than specifying static addresses allows the rule to continue working even when specific addresses are modified, and allows for efficient cloning and recipe templates that include these network rules.

- My Current IP Address: The source IP address that is accessing the UI.
- My DMZ IP: The DMZ (external facing) IP assigned to the selected network.
- My IP Addresses: Helper option to select an IP address defined on the selected network.
- My Network Address: Helper option to use the selected network (entire subnet).
- My Router IP: Helper option to use the selected network's router IP (default gateway).
- Network Block: The full IP block assigned to the selected network.
- Other IP Address: Helper option to select a different network and use one of that network's individual IP addresses.
- Other Network Address: Helper option to select a different network and use that network's address (entire subnet).
- Other Network Block: The full IP block assigned to a different network.
- Other Network DMZ IP: The DMZ (external facing) IP assigned to another network.
- Other Router IP: Helper option to select a different network and use that network's router IP (default gateway).

Only applicable for TCP / UDP protocols: source or destination ports/ranges. Multiple options can be combined with commas.

- Individual port: 80
- Multiple ports: 80,443
- Port range: 1000-1005

Network Rules

Create New Rule

1. From the top menu, click Networks > List.
2. Select the desired network.
3. From the left menu, click View.
4. From the left menu, click Rules.
5. From the left menu, click New.
6. Enter a name for the rule.
7. (Optional) Enter a description.
8. Select Action:
   - Accept: allows packets that meet the rule criteria.
   - Drop: denies packets that meet the rule criteria.
   - Reject: denies specified packets and sends ICMP destination unreachable back to the source, when permitted.
   - Route: routes/forwards packets that meet the rule criteria.
   - Translate: maps an address/port outside the selected network to an address/port within the selected network.
9. Select Protocol.
10. Select Direction:
    - Incoming: packets coming into the firewall.
    - Outgoing: packets going out of the firewall.
11. Select Interface (typically Auto).
12. (Optional) Pin the rule to the top or bottom of the ruleset.
13. Configure any additional options, if desired:
    - Enable Throttle: set a traffic rate limit.
    - Track Rule Statistics: allows viewing the total number of packets processed.
    - Trace/Debug Rule: enables tracing packets for diagnostic purposes.
14. Select Source. See Rule Fields for descriptions of each field option.
15. Select Destination. See Rule Fields for descriptions of each field option.
16. Select Target (route and translate actions only), which directs where to send the traffic. See Rule Fields for descriptions of each field option.
17. Click Submit.

⚠️ When network rules are modified, you must apply rules before they are live.

Copy Rule (Clone)

1. From the top menu, click Networks > List.
2. Select the desired network.
3. From the left menu, click View.
4. From the left menu, click Rules.
5. Select the desired rule.
6. Click the 📋 copy icon on the far right of the selected line.
7. Enter a name for the rule.
8. Modify desired fields.
9. Click Submit.

⚠️ When network rules are modified, you must apply rules before they are live.

View Existing Rules

1. From the top menu, click Networks > List.
2. Select the desired network.
3. From the left menu, click View.
4. From the left menu, click Rules.

Modify Existing Rule

1. From the top menu, click Networks > List.
2. Select the desired network.
3. From the left menu, click View.
4. From the left menu, click Rules.
5. Select the desired rule.
6. From the left menu, click Edit.
7. Modify desired settings.
8. Click Submit.

⚠️ When network rules are modified, you must apply rules before they are live.
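
The ordering effect described under Order of Rules can be checked offline before a ruleset is applied. The following is an added example, not code from the product: a small Python model that evaluates rules top to bottom, honors top/bottom pins, and parses the custom address and port formats listed under Rule Fields. It assumes that a translate rule rewrites the port and evaluation continues, that the first accept/drop/reject match is final, and that unmatched traffic is dropped; the rule names and dictionary keys are hypothetical.

```python
import ipaddress

def addr_match(spec, ip):
    """Custom address filter: 'any', single IP, CIDR network, or 'start-end' range."""
    ip = ipaddress.ip_address(ip)
    if spec == "any":
        return True
    if "-" in spec:
        lo, hi = (ipaddress.ip_address(p.strip()) for p in spec.split("-"))
        return lo <= ip <= hi
    return ip in ipaddress.ip_network(spec, strict=False)

def port_match(spec, port):
    """Port filter: comma-separated ports and 'lo-hi' ranges, e.g. '80,443,1000-1005'."""
    if spec == "any":
        return True
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def ordered(rules):
    """Pinned-top rules first, unpinned rules in listed order, pinned-bottom last."""
    rank = {"top": 0, "no": 1, "bottom": 2}
    return sorted(rules, key=lambda r: rank[r.get("pin", "no")])  # stable sort

def evaluate(rules, src, dport):
    """Return (verdict, final_port, trace). Assumed model: translate rewrites the
    port and evaluation continues; the first accept/drop/reject match is final."""
    trace = []
    for r in ordered(rules):
        if not (addr_match(r.get("source", "any"), src)
                and port_match(r.get("ports", "any"), dport)):
            continue
        trace.append(r["name"])
        if r["action"] == "translate":
            dport = r["to_port"]
        else:
            return r["action"], dport, trace
    return "drop", dport, trace  # assumed default when nothing matches

# Constructed rules: PAT external 8080 -> internal 80, a block on port 80, a LAN allow.
PAT = {"name": "pat-8080-to-80", "action": "translate", "ports": "8080", "to_port": 80}
BLOCK = {"name": "block-80", "action": "drop", "ports": "80"}
ALLOW = {"name": "allow-lan", "action": "accept", "source": "192.168.1.0/24"}

if __name__ == "__main__":
    for ruleset in ([PAT, BLOCK, ALLOW], [BLOCK, PAT, ALLOW]):
        print([r["name"] for r in ruleset], "->", evaluate(ruleset, "192.168.1.200", 8080))
```

With the translate rule first, the port-80 block sees the rewritten port and drops the packet; with the block first, the same packet is translated afterwards and accepted.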