2.3.1. Procedure – IP filtering using a zone
Purpose:
Firewall rules can select the service to be started based on the zones that the server and the client belong to. Zones are organized based on IP addresses; the rule specifies which clients can use which services to access the specified servers. To create whitelists using a zone, complete the following steps.
Steps:
Create a zone containing only the servers that require client-side authentication (or that have other reasons why the connection cannot be proxied).
  Select the site that contains the firewall host, then click , and create a new zone (for example, banks).
  Select the newly created zone, and add a network to the zone, that is, specify the and of the target servers. Include only the servers that you want to be available via encrypted but not proxied channels.
  Note: You will also need a client zone. You can use the entire intranet or a smaller zone, as required. Create a new zone for the clients if you want to make these servers available only to certain clients.
Create a new service.
  Select your firewall host, navigate to , then click .
  Create a new service, for example, intra_PLUG_banks.
  Select .
  Specify other service parameters as required for your environment.
Create a firewall rule that uses the zones and the service created in the previous steps.
  Select , and select the service created in the previous step. For more details on creating firewall rules, see Section 6.5, Configuring firewall rules in Proxedo Network Security Suite 2 Administrator Guide.
  Select , and select the zone from which the clients will connect to the servers (for example, intranet).
  Select , and select the zone that contains the whitelisted servers (for example, banks).
  Configure the other parameters of the rule as needed for your environment, then click .
Commit and upload your changes, then restart Application-level Gateway.
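The zone-based service selection that this procedure configures can be modelled offline to check a whitelist before committing it. The following Python sketch is an added example, not Proxedo Network Security Suite code or configuration; the addresses, the internet zone, the intra_HTTPS_inter service, and the longest-prefix zone lookup are assumptions made for illustration.

```python
import ipaddress

# Constructed sample zones using documentation address ranges (assumption).
ZONES = {
    "intranet": ["10.0.0.0/8"],
    "banks": ["192.0.2.16/31", "198.51.100.7/32"],
    "internet": ["0.0.0.0/0"],  # hypothetical catch-all zone
}

# Rules in the shape the procedure builds: (client zone, server zone) -> service.
# intra_HTTPS_inter is a hypothetical proxied service for every other destination.
RULES = {
    ("intranet", "banks"): "intra_PLUG_banks",
    ("intranet", "internet"): "intra_HTTPS_inter",
}


def zone_of(ip):
    """Return the zone whose network matches ip with the longest prefix (assumed lookup)."""
    addr = ipaddress.ip_address(ip)
    best = None
    for zone, nets in ZONES.items():
        for net in map(ipaddress.ip_network, nets):
            if addr in net and (best is None or net.prefixlen > best[0]):
                best = (net.prefixlen, zone)
    return best[1] if best else None


def select_service(client_ip, server_ip):
    """Return the service the matching rule would start, or None if no rule matches."""
    return RULES.get((zone_of(client_ip), zone_of(server_ip)))


def unintended_hosts(zone, intended):
    """List addresses the zone covers that are not on the intended server list."""
    wanted = {ipaddress.ip_address(ip) for ip in intended}
    covered = set()
    for net in map(ipaddress.ip_network, ZONES[zone]):
        covered.update(net)  # enumerates every address, so keep whitelist networks small
    return [str(a) for a in sorted(covered - wanted)]


if __name__ == "__main__":
    print(select_service("10.1.2.3", "192.0.2.16"))    # whitelisted server
    print(select_service("10.1.2.3", "203.0.113.5"))   # any other server
    print(unintended_hosts("banks", ["192.0.2.16", "198.51.100.7"]))
```

An address reported by unintended_hosts is reachable through the non-proxied service even though nobody meant to whitelist it, which is why the procedure says to include only the required servers in the zone.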
© 2021 BalaSys IT Security.
Send your comments to support@balasys.hu