DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

vigor 3900 firewall default policy issue

29 Jan 2015 16:06 #1 by riprap
I'm new to the Vigor 3900 and having some difficulty setting up the firewall rules. I would be very grateful for some help!

The manual states that when evaluating an incoming packet it works its way through the 'IP Filter' groups in turn and if it finds a match with an 'Accept Action' it accepts and ignores all other rules. If no match is found within each Group, it works its way through the other Filter Group TABs and if no matches are found there, it applies the Default Policy on the 'Default Policy' Tab. So far so good.

However, on the 'Default Policy' tab, it clearly states that the 'Default Policy is applied to the path LAN -> WAN direction only' which is clearly outgoing not incoming.

If after my PASS groups on the IP Filter tab I add a BLOCK group with a single Block everything rule, almost everything is blocked - but not all. For example, I have a NAT redirection linking an internal IP camera with a Public Address and have a simple rule accepting traffic to the specific camera's internal IP address on port 80, and it works fine if the Block rule is disabled but not if enabled. Mind you, without the block rule it seems that everything is allowed, I guess because the default 'block' is only being applied to outgoing traffic.

Help!
