Firewall Traffic Rules

  • Updated on December 21, 2021

A firewall is a set of security measures designed to prevent unauthorized access to a networked computer system. It works like the walls of a building: in both cases the purpose is to isolate one “network” or “compartment” from another.

To protect private networks and individual machines from the dangers of the Internet, a firewall can be employed to filter incoming or outgoing traffic based on a predefined set of rules called firewall policies.

Traffic Rules: Used to control incoming/outgoing traffic at customized scheduled times, and to take actions for specified rules such as Accept, Reject and Drop.

This guide will help you to understand and configure Traffic Rules features on the GWN7000.

TRAFFIC RULES

The GWN7000 offers the possibility to fully control incoming/outgoing traffic for different protocols at customized scheduled times, and to take actions for specified rules such as Accept, Reject and Drop.

Input

The GWN7000 can filter incoming traffic to a network group or to port WAN1 or WAN2 and apply rules such as:

  • Accept: To allow the traffic to go through.
  • Reject: A reply will be sent to the remote side stating that the packet is rejected.
  • Drop: The packet will be dropped without any notice to the remote side.

The following actions are available to configure Input rules on the GWN7000 under “Firewall → Traffic Rules → Input” for configured protocols.

  • To add new rule, Click on
  • To edit a rule, Click on
  • To delete a rule, Click on

The following example rejects incoming ICMP requests to WAN port 1. This means that whenever the GWN7000 receives an incoming ICMP request on WAN port 1, the destination IP address will receive a message stating that the destination IP address is unreachable.

[Screenshot: Input rule configuration example]

  1. Enter a name in the “Name” field to identify the rule.
  2. Click on “Enable” to activate the input rule.
  3. Choose the IP version from “IP Family”: IPv4, IPv6, or Any for both.
  4. Select the source of incoming traffic from the “Source Group” dropdown list; it can be an internal network group or external traffic from WAN port 1 or 2.
  5. Choose the protocol you want to allow or reject. In this example: ICMP.
  6. Select the protocol type you want to process. In our example: echo-request.
  7. On the “Firewall Action” dropdown list, choose to allow, reject or drop. In our example, we selected reject so that incoming “echo-request” packets to the GWN7000 will be rejected.

For more details about other fields please refer to [TRAFFIC RULES TABLE].

Output

The GWN7000 can filter outgoing traffic from the local network group to outside networks and apply rules such as:

  • Accept: To allow the traffic to go through.
  • Reject: A reply will be sent to the remote side stating that the packet is rejected.
  • Drop: The packet will be dropped without any notice to the remote side.

The following actions are available to configure Output rules on the GWN7000 under “Firewall → Traffic Rules → Output” for configured protocols.

  • To add new rule, Click on .
  • To edit a rule, Click on .
  • To delete a rule, Click on

The following example will reject every outgoing ICMP request from the GWN7000 to network Group1. This means that any ICMP “echo-request” the GWN7000 receives from another network group or from WAN port 1 or 2 that is sent to network group 1 will be rejected.

[Screenshot: Output rule configuration example]

  1. Enter a name in the “Name” field to identify the rule.
  2. Click on “Enable” to activate the output rule.
  3. Choose the IP version from “IP Family”: IPv4, IPv6, or Any for both.
  4. Choose the protocol you want to allow or reject. In this example: ICMP.
  5. Select the protocol type you want to process. In this example: echo-request.
  6. Select the Destination Group.
  7. On the “Firewall Action” dropdown list, choose to allow, reject or drop. In this example, we selected reject so that incoming “echo-request” packets to the GWN7000 will be rejected.

For more details about other fields please refer to [TRAFFIC RULES TABLE].

Forward

The GWN7000 can filter traffic passing through it, from one group or WAN port to another, and apply rules such as:

  • Accept: To allow the traffic to go through.
  • Reject: A reply will be sent to the remote side stating that the packet is rejected.
  • Drop: The packet will be dropped without any notice to the remote side.

The following actions are available to configure Forward rules on the GWN7000 under “Firewall → Traffic Rules → Forward” for configured protocols.

  • To add new rule, Click on .
  • To edit a rule, Click on .
  • To delete a rule, Click on

The following example will reject every incoming ICMP request from WAN port 1 that has WAN port 2 as its destination. This means that whenever an ICMP “echo-request” passes through the GWN7000 from WAN port 1 to WAN port 2, the GWN7000 will reject this packet.

[Screenshot: Forward rule configuration example]

  1. Enter a name in the “Name” field to identify the rule.
  2. Click on “Enable” to activate the forward rule.
  3. Choose the IP version from “IP Family”: IPv4, IPv6, or Any for both.
  4. Select the source of incoming traffic from the “Source Group” dropdown list; it can be an internal network group or external traffic from WAN port 1 or 2.
  5. Choose the protocol you want to allow or reject. In this example: ICMP.
  6. Select the protocol type you want to process. In this example: echo-request.
  7. Select the Destination Group.
  8. On the “Firewall Action” dropdown list, choose to allow, reject or drop. In our example, we selected reject so that incoming “echo-request” packets to the GWN7000 will be rejected.

For more details about other fields please refer to [TRAFFIC RULES TABLE].

TRAFFIC RULES TABLE

The following table explains each field related to the traffic rules feature.

| Field | Description |
|---|---|
| Name | Specify a name for the traffic rule. |
| Enabled | Check to enable this rule. |
| IP Family | Select the IP version. Three options are available: IPv4, IPv6 or Any. |
| Source Group | Select a WAN interface or a LAN group for Source Group, or select All. |
| Protocol | Select one of the protocols from the dropdown list or All. Available options are: UDP, TCP, TCP/UDP, UDP-Lite, ICMP, AH, SCTP, IGMP and All. |
| Source IP Address | Set the source IP address. It can be an IPv4 or IPv6 address. |
| Source Port(s) | Set the source port. It can be one or many ports separated by spaces. |
| Source MAC address | Set the source MAC address. |
| Destination Port(s) | Set the destination port. It can be one or many ports separated by spaces. |
| Schedule Start Date | Click on the icon to schedule a start date for this rule to be applied. |
| Schedule End Date | Click on the icon to schedule an end date for this rule to cease effect. |
| Schedule Start Time | Click on the icon to schedule a start time for this rule to be applied. |
| Schedule End Time | Click on the icon to schedule an end time for this rule to cease effect. |
| Schedule Weekdays (List of Weekdays) | Select the days when the traffic rule will be applied. Unselected days will ignore this rule. |
| Schedule Days of the Month | Enter the days of the month (separated by spaces) when the traffic rule will be applied. Example: 5 10 15. This will be applied only on the 5th, 10th and 15th day of each month. |
| Treat Time Values as UTC Instead of Local Time | Check to use UTC as the time zone for the specified times, instead of using the GWN7000’s local time. |
| Firewall Action | Select which action to perform for the given traffic rule. Three options are available: Accept, Reject or Drop. |

Table 1: Traffic Rules
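
The following added example (not Grandstream code, and not taken from the original guide) models how the schedule fields in the table combine with a rule's action, so a planned rule can be checked before it is entered in the web UI. The names `Rule`, `in_schedule` and `decide`, the first-match evaluation order, the `None` result when no rule applies, and the UTC-5 local time zone are assumptions made for illustration.

```python
from dataclasses import dataclass, replace
from datetime import datetime, time, timedelta, timezone

@dataclass(frozen=True)
class Rule:                      # hypothetical model; fields mirror the table
    name: str
    chain: str                   # "input", "output" or "forward"
    source_group: str            # e.g. "WAN1"
    protocol: str                # e.g. "ICMP"
    icmp_type: str               # e.g. "echo-request"
    action: str                  # "Accept", "Reject" or "Drop"
    enabled: bool = True
    month_days: frozenset = frozenset()   # empty = every day of the month
    start: time = time(0, 0)
    end: time = time(23, 59, 59)
    use_utc: bool = False        # "Treat Time Values as UTC" checkbox

def in_schedule(rule, now_utc, local_tz):
    # Assumption: date and time are both read from the clock the rule selects.
    now = now_utc if rule.use_utc else now_utc.astimezone(local_tz)
    if rule.month_days and now.day not in rule.month_days:
        return False
    return rule.start <= now.time() <= rule.end

def decide(rules, pkt, now_utc, local_tz):
    """Return the action of the first enabled, scheduled, matching rule, else None."""
    for r in rules:
        fields = (r.chain, r.source_group, r.protocol, r.icmp_type)
        if r.enabled and fields == pkt and in_schedule(r, now_utc, local_tz):
            return r.action
    return None

# Constructed sample data: the page's Input example with a schedule attached.
LOCAL_TZ = timezone(timedelta(hours=-5))                      # assumed device zone
NOW_UTC = datetime(2021, 12, 16, 3, 0, tzinfo=timezone.utc)   # 15 Dec, 22:00 local
PING_ON_WAN1 = ("input", "WAN1", "ICMP", "echo-request")
RULE_LOCAL = Rule("reject-wan1-ping", "input", "WAN1", "ICMP", "echo-request",
                  "Reject", month_days=frozenset({5, 10, 15}),
                  start=time(21, 0), end=time(23, 0))
RULE_UTC = replace(RULE_LOCAL, use_utc=True)   # same rule with the UTC box checked

if __name__ == "__main__":
    print(decide([RULE_LOCAL], PING_ON_WAN1, NOW_UTC, LOCAL_TZ))
    print(decide([RULE_UTC], PING_ON_WAN1, NOW_UTC, LOCAL_TZ))
```

With the UTC option checked, the same instant falls on the 16th at 03:00, outside both the day list and the time window, so the scheduled Reject rule does not apply.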
