do you know how can I configure packet filter based on interface ? I don't see in a window "Create new rule" added any new fields for network interface selection.
thanks for the question. We have extended the Definitions > Network objects. you can now add an interface to every of these objects and if the object is used to create a packetfilter rule, either in Network Security > Firewall, but also in Allowed Networks in the Web and Email Security, than we add the interface additionally to it.
You are now also able to create a real 'Internet' Object using the network '0.0.0.0/0' and bind it to the external interface.
By doing this, you will not open up access to the DMZ like in the past, when you used the "Any" object.
You don't want to edit Any, you should create a new one called Internet for example, like in my included screenshot. You can see I have bound it to the External interface on my firewall.
This makes sense. I can see this as particularly useful when creating SNAT rules for internal servers to bind to the external alias address. (Email server)
By creating an interface definition for Internet (0.0.0.0/0) on WAN interface I no longer need to worry about extra SNAT rules to override when using VPN tunnels for remote systems to pull email off of my exchange server.