
Purpose of a group firewall rule

Hello,

What are the group rules of a firewall rule necessary for, or what exactly do they do?

What influence does the group rule have, or what is the influence when a firewall rule is created in a group?

Greetings and thanks



  • Show us the DHCP Mapping. 

    __________________________________________________________________________________________________________________

  • The IP 172.16.100.17 is controller2. Controller1 is below, so I didn't include it in the screenshot.

    I checked the MAC addresses; the client address is also correct. I was on the web server with the IP address and can also see the client's MAC address. It should be the right client.

  • Check your Zone.

    In Firewall you used Zone WIFI, the DHCP Server is Zone LAN. Change the Zone to LAN. 

    Zones are still a filter, which will be used to match. 

    __________________________________________________________________________________________________________________

  • Hi,

    the source and destination networks are the same, do you have a hairpin NAT for this rule?

    Also your SIP rule looks a little odd.

    Ia

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • OK, that's it. That was the problem. I have changed the zone from source WiFi to source LAN.

    OK, why is that so? My thought was completely wrong. I thought, because there are WiFi devices, I also have to turn on the WiFi zone. What nonsense of me.

    It remains physically but everything on LAN level and the zones are only to be filtered in advance for the services.

    Is my statement correct? If not, please correct me.

  • Zones are in principle defined by the interface. Each and every interface has to be mapped to a zone. If you create a physical or logical interface, the firewall asks you "what zone is this?". This makes it easy to create firewall rules.

    As you can define an interface as LAN (192.168.1.0/24), you can create a firewall rule LAN to WAN, which covers LAN (all interfaces in the LAN zone) to all Internet-based interfaces (WAN). It removes the need to define network objects for each interface or to know the IPs, etc.

    __________________________________________________________________________________________________________________

  • What is the hairpin for NAT? Sorry :-)

  • Mhhh, sorry that I asked a stupid question. Network technology is not easy.

    But that doesn't replace the NAT rule, does it?

    Unfortunately, I didn't quite understand that. Sorry :-)

  • XG is a zone-based firewall. Zones are not in any relation to NAT.

    Zones are like the predefined network objects you know from UTM9. UTM9 creates 3 objects per interface you create. Zones are like that, just with a summary option. You can have one individual zone per interface, or you can include 4000 interfaces within one zone. There are predefined zones like LAN or WIFI. But one interface can only be in one zone. It does not separate the clients within one zone. It simply categorizes the interfaces into zones.

    __________________________________________________________________________________________________________________
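
The zone behaviour discussed in this thread (a rule with source zone WIFI never matching traffic that arrives on an interface mapped to LAN), as a simplified model added here as an example; it is not Sophos code or from any poster. The interface names, the addresses other than 192.168.1.0/24, and the drop-when-nothing-matches default are assumptions made for the illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample mapping: each interface belongs to exactly one zone.
INTERFACE_ZONE = {"Port1": "LAN", "Port2": "WAN", "wlan1": "WIFI"}

@dataclass(frozen=True)
class Rule:
    name: str
    src_zone: str
    dst_zone: str
    src_net: str
    dst_net: str

@dataclass(frozen=True)
class Packet:
    in_if: str
    out_if: str
    src_ip: str
    dst_ip: str

def rule_matches(rule, pkt):
    """Return (matched, reason); zones are matched in addition to networks."""
    src_zone, dst_zone = INTERFACE_ZONE[pkt.in_if], INTERFACE_ZONE[pkt.out_if]
    if rule.src_zone != src_zone:
        return False, f"source zone is {src_zone}, rule expects {rule.src_zone}"
    if rule.dst_zone != dst_zone:
        return False, f"destination zone is {dst_zone}, rule expects {rule.dst_zone}"
    if ipaddress.ip_address(pkt.src_ip) not in ipaddress.ip_network(rule.src_net):
        return False, "source address outside rule network"
    if ipaddress.ip_address(pkt.dst_ip) not in ipaddress.ip_network(rule.dst_net):
        return False, "destination address outside rule network"
    return True, "match"

def evaluate(rules, pkt):
    """First matching rule accepts; with no match the packet is dropped (assumed default)."""
    for rule in rules:
        if rule_matches(rule, pkt)[0]:
            return rule.name, "accept"
    return None, "drop"

# Constructed case: a wireless client whose traffic reaches the firewall on the LAN interface.
PKT = Packet("Port1", "Port2", "192.168.1.50", "203.0.113.10")
WIFI_RULE = Rule("wifi_to_wan", "WIFI", "WAN", "192.168.1.0/24", "0.0.0.0/0")
LAN_RULE = Rule("lan_to_wan", "LAN", "WAN", "192.168.1.0/24", "0.0.0.0/0")

if __name__ == "__main__":
    print(rule_matches(WIFI_RULE, PKT))          # networks fit, zone does not
    print(evaluate([WIFI_RULE], PKT))            # no rule matches
    print(evaluate([WIFI_RULE, LAN_RULE], PKT))  # rule with the LAN source zone matches
```

The zone is decided by the interface the traffic enters on, not by whether the client is a wireless device, which is why the rule in the model only matches once its source zone is LAN.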