DrayTek UK Users' Community Forum
Help, Advice and Solutions from DrayTek Users
Solved: Understanding Firewall rules for two groups of users
19 Jun 2013 22:58 #76719
by simonbb
Solved: Understanding Firewall rules for two groups of users was created by simonbb
Using a 2830n to control internet access for two groups of users: restricted, and un-restricted.
The scenario is very similar to the one outlined in Example 2 of FAQ 107 - How do I set up a firewall filter?
http://www.draytek.co.uk/support/kb_vigor_filtering.html
(in my example there is no mail server).
The problem I have with the solution from Example 2 is I don't see how the restricted group (those not in "Marketing") are blocked from accessing the web. To me it seems there's a setting or a rule missing.
What am I missing?
21 Jun 2013 15:08 #76753
by sicon
Replied by sicon on topic Re: Understanding Firewall rules for two groups of users
You need a "Block all unless further match" Rule at the top (or in front) of the 1st rule.
You would then create all your allow rules underneath that.
23 Jun 2013 13:12 #76774
by simonbb
Replied by simonbb on topic Re: Understanding Firewall rules for two groups of users
Thank you Sircon
That was my interpretation as well - there was a 'block all' rule missing.
I think the five rules would be clear and instantly understandable by all.
However (having slept on it), Example 2 is a little more subtle. By turning the last rule into an If Not, effectively Rule 4 says 'Block everything, except this one condition'. Hence the 'block all' rule and POP3 requirement are merged - five rules become four.
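Added example (not part of any post in this thread, and not DrayTek code): a simplified model of ordered filter rules, comparing an allow-only set, a set with a leading "block unless further match" rule, and a set whose last rule is inverted. The addresses, the default-pass behaviour and the three small rule sets are assumptions made for illustration; they are not the rules from FAQ 107.

```python
from dataclasses import dataclass
from typing import Callable

MARKETING = {"192.168.1.10", "192.168.1.11"}  # constructed group members
POP3 = 110

@dataclass
class Rule:
    match: Callable[[str, int], bool]  # (source IP, destination port)
    action: str           # pass_now | block_now | block_if_no_further_match
    invert: bool = False  # "If Not": the rule fires when match() is false

def evaluate(rules, src, dport, default="pass"):
    """Walk the rules in order; an 'immediate' action ends evaluation."""
    verdict = default
    for rule in rules:
        if rule.match(src, dport) == rule.invert:
            continue  # rule does not apply to this packet
        if rule.action == "pass_now":
            return "pass"
        if rule.action == "block_now":
            return "block"
        verdict = "block"  # block_if_no_further_match: keep looking
    return verdict

in_marketing = lambda src, dport: src in MARKETING
is_pop3 = lambda src, dport: dport == POP3
anything = lambda src, dport: True

# Allow rules only: nothing ever blocks, so the default (pass) applies.
ALLOW_ONLY = [Rule(in_marketing, "pass_now"), Rule(is_pop3, "pass_now")]
# Explicit form: a leading "block unless further match", then the allows.
EXPLICIT = [Rule(anything, "block_if_no_further_match")] + ALLOW_ONLY
# Merged form: the last rule is inverted, "if NOT POP3 then block".
MERGED = [Rule(in_marketing, "pass_now"),
          Rule(is_pop3, "block_now", invert=True)]

def decisions(rules):
    """Verdicts for constructed sample traffic (source, destination port)."""
    samples = [("192.168.1.10", 80), ("192.168.1.10", POP3),
               ("192.168.1.50", 80), ("192.168.1.50", POP3)]
    return [evaluate(rules, s, p) for s, p in samples]

if __name__ == "__main__":
    for name, rs in [("allow-only", ALLOW_ONLY), ("explicit", EXPLICIT),
                     ("merged", MERGED)]:
        print(f"{name:10}", decisions(rs))
```

In this model the explicit and merged sets give the same verdict for every sample, while the allow-only set passes the restricted user's web traffic.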
Moderators: Chris, Sami