Firewall rules question
I’m looking to buy a FWG so just trying to understand how things work with this system before taking the plunge.
The case I am thinking about is an IOT VLAN where the default is not allowing the devices to connect to other parts of the LAN or WAN; however, there is one device that does need WAN access. How would I set this up?
Maybe to expand on the question… How are firewall rules evaluated? In order top to bottom? Most permissive to least permissive? Most specific to least specific?
It's a little different than a traditional firewall. It's a default Allow, Allows override Blocks, and there is no 'ordering', but they are cumulative, or layered. When you look at a device, you can see any rules defined for that Device (or Device Group) and the rules inherited from the Network.
Network = IOT_NETWORK
1. Block "Traffic to All Local Networks"
Device Group = home_iot_speakers
1. Block "Traffic to Internet"
2. Allow to region "United States"
3. Allow to domain "scdn.co:443"
* Devices within home_iot_speakers would be able to access any IP registered to US, and where the domain is scdn.co on port 443, even if it's outside the region. (scdn.co happens to be Spotify CDN, and my speakers keep hitting IPs registered to Sweden)
* All other devices within IOT_NETWORK would be blocked from accessing other local networks, but allowed to internet.
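The evaluation model described in the answer above, worked through in code as an added example (this is not Firewalla's code; the Flow fields, the local/region/domain predicates and treating local destinations as having no region are assumptions made for the model):

```python
from dataclasses import dataclass
from typing import Callable, Optional

@dataclass
class Flow:
    group: Optional[str]     # device group the source belongs to, if any
    local: bool              # destination is on another local network (assumed flag)
    region: Optional[str]    # country the destination IP is registered to, None for local
    domain: Optional[str]    # destination hostname, if known
    port: int

@dataclass
class Rule:
    action: str                          # "allow" or "block"
    matches: Callable[[Flow], bool]
    label: str

# Hypothetical match predicates standing in for the rule targets in the thread.
def local_networks(f): return f.local
def internet(f): return not f.local
def region(name): return lambda f: f.region == name
def domain_port(name, port):
    return lambda f: f.domain is not None and f.domain.endswith(name) and f.port == port

# Rules from the thread: network rules are inherited by every device on the
# network, device-group rules are layered on top of them.
NETWORK_RULES = {
    "IOT_NETWORK": [Rule("block", local_networks, "Traffic to All Local Networks")],
}
GROUP_RULES = {
    "home_iot_speakers": [
        Rule("block", internet, "Traffic to Internet"),
        Rule("allow", region("United States"), "region United States"),
        Rule("allow", domain_port("scdn.co", 443), "domain scdn.co:443"),
    ],
}

def evaluate(network: str, flow: Flow) -> str:
    """No ordering: any matching Allow wins, otherwise any matching Block
    wins, otherwise the default Allow applies."""
    rules = NETWORK_RULES.get(network, []) + GROUP_RULES.get(flow.group, [])
    hits = [r for r in rules if r.matches(flow)]
    if any(r.action == "allow" for r in hits):
        return "allow"
    if any(r.action == "block" for r in hits):
        return "block"
    return "allow"  # nothing matched: default Allow
```

Running the speaker and non-speaker flows through evaluate() reproduces the two bullet outcomes above, including scdn.co:443 to a Swedish IP being allowed despite the group's Internet block.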
This was super helpful! Thanks.
I also saw another similar question from a week ago where some rules default to being bi-directional and others are not. This is all very different from what I’m used to in other firewalls (not saying bad, just different and would like to really understand it). Is there a full comprehensive explanation document of how the rules work in the FWG? Everything that I’ve read is relatively high level.
I just posted about this in the General Discussion space in an effort to bring awareness to it.