The host firewall service is the firewall service responsible for governing traffic to and from local services running on the NextGen Firewall F-Series and Next Gen Control Center. The ruleset is split into four rule lists:
- Inbound – Predefined ruleset for inbound traffic to local services running on the F-Series Firewall or Control Center Also allows access to the management ports.
- Inbound-User – Add rules to restrict all inbound traffic to the unit. Management ACLs are not influenced by restricting traffic in the inbound-user rule list. Inbound-user rules are checked only if none of the rules in the inbound rule list matched.
- Outbound – Predefined ruleset for outbound traffic coming from local services running on the F-Series Firewall or Control Center.
- Outbound-User – Add rules to restrict traffic from leaving the unit. Outbound-user rules are checked only if none of the rules in the outbound rule list matched.
Host Firewall Features & Rule Types
The host firewall service restricts policies, rule and connection object types. Application Detection is not possible as Application Control can only be used in the forwarding firewall service.
- Traffic Shaping – For more information, see Traffic Shaping.
- Time restrictions – For more information, see Schedule Objects.
- IPS policies – For more information, see Intrusion Prevention System (IPS)
You can create the following firewall rules types:
- Block – For more information, see How to Create a Block Access Rule
- Deny – For more information, see How to Create a Deny Access Rule
- Pass – For more information, see How to Create a Pass Access Rule
- Dst NAT – Only for Outbound and Outbound-User rule lists. For more information, see How to Create a Destination NAT Access Rule.
The following connection objects are available:
- No Src NAT – default.
- Dynamic Src NAT – Only for Outbound and Outbound-User rule lists.
- Explicit – Explicit connection object.