The Secure Connector includes a basic firewall to allow users to create policies to handle traffic passing through the device. Traffic using protocols other than TCP or UDP are blocked. The Secure Connector firewall uses a zone concept: The interfaces on the Secure Connector are assigned to a firewall zone, such as LAN, WAN, VPN, or Wi-Fi. Depending on the configuration, a firewall zone may contain no, one, or more than one interfaces. Interfaces with dual purpose, such as the Wi-Fi interface, are assigned to the firewall zone reflecting the current configuration. For example, if configured as a Wi-Fi client, the Wi-Fi interface is part of the WAN firewall zone. When configured as an access point, the interface is placed into the Wi-Fi firewall zone. The source and destination IP address are translated into source and destination firewall zones and then matched to the firewall rules. When a firewall rule matches, the action set is applied.
Secure Connector Firewall Rules
Firewall rules allow you to block or allow traffic between two firewall zones. Traffic must match both the source zone and destination zone for the policy of the rule to be applied. You can exempt a list of IP addresses from the source firewall zone by adding them to the exception list of the rule.
For more information, see How to Create Secure Connector Firewall Rules.
Firewall management rules control access to the web interface and to the command line via SSH, and can also block or allow ICMP traffic. For SSH access to be granted, you must also enable SSH in the Secure Connector Editor.
For more information, see How to Create Secure Connector Firewall Management Rules.
Source NAT rules rewrite the source IP address for connections with the IP address used by the interface associated to the destination zone. You can create source NAT rules for the following zones: WAN, LAN, and Wi-Fi.
For more information, see How to Create Secure Connector Source NAT Firewall Rules.
Destination NAT rules allow you to forward traffic both from a source zone to a specific destination IP address and from a port to another IP address.
For more information, see How to Create Secure Connector Destination NAT Firewall Rules.