2.3.1. Procedure – IP filtering using a zone

Purpose: 

Firewall rules can select the service to be started based on the zones that the server and the client belong to. Zones are organized based on IP addresses; the rule specifies which clients can use which services to access the specified servers. To create whitelists using a zone, complete the following steps.

Steps: 

  1. Create a zone containing only the servers that require client-side authentication (or that have other reasons why the connection cannot be proxied).

    1. Select the site that contains the firewall host, then click New, and create a new zone (for example, banks).

    2. Select the newly created zone, and add a network to the zone, that is, specify the Network address and Netmask of the target servers. Include only the servers that you want to be available via encrypted but not proxied channels.

      Note

      You will also need a client zone. You can use the entire intranet or a smaller zone, as required. Create a new zone for the clients if you want to make these servers available only to certain clients.

  2. Create a new service.

    1. Select your firewall host, navigate to Application-level Gateway > Services, then click New.

    2. Create a new service, for example, intra_PLUG_banks.

    3. Select Proxy class > PlugProxy.

    4. Specify other service parameters as required for your environment.

  3. Create a firewall rule that uses the zones and the service created in the previous steps.

    1. Select Firewall Rules > New > Service > Class, and select the service created in the previous step. For more details on creating firewall rules, see Section 6.5, Configuring firewall rules, in the Proxedo Network Security Suite 2 Administrator Guide.

    2. Select Conditions > Source > Add > Zone, and select the zone from which the clients will connect to the servers (for example, intranet).

    3. Select Destination > Add > Zone, and select the zone that contains the whitelisted servers (for example, banks).

    4. Configure the other parameters of the rule as needed for your environment, then click OK.

  4. Commit and upload your changes, then restart Application-level Gateway.
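
The following is an added example, not part of the product or its documentation: a stand-alone Python check you can run on the planned zone definitions before entering them, to confirm that the Network address and Netmask of the whitelist zone cover only the intended servers. The addresses, the INTENDED_SERVERS list and all function names are assumptions made for illustration, and the script models only the source and destination zone conditions of a single rule.

```python
import ipaddress

# Constructed sample data (documentation address ranges), not real values.
ZONES = {
    "intranet": ["10.0.0.0/8"],
    "banks": ["198.51.100.10/32", "203.0.113.0/29"],
}
INTENDED_SERVERS = ["198.51.100.10", "203.0.113.1", "203.0.113.2"]
RULE = {"src_zone": "intranet", "dst_zone": "banks", "service": "intra_PLUG_banks"}


def in_zone(addr, zone, zones=ZONES):
    """True if addr falls inside any network listed for the zone."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(net) for net in zones[zone])


def rule_matches(src, dst, rule=RULE, zones=ZONES):
    """Service name if source and destination zones both match, else None."""
    if in_zone(src, rule["src_zone"], zones) and in_zone(dst, rule["dst_zone"], zones):
        return rule["service"]
    return None


def unintended_hosts(zone, intended, zones=ZONES, limit=4096):
    """Host addresses the zone covers that are not on the intended list."""
    wanted = {ipaddress.ip_address(a) for a in intended}
    extra = []
    for entry in zones[zone]:
        net = ipaddress.ip_network(entry)
        if net.num_addresses > limit:
            raise ValueError(f"{entry} is too wide for a whitelist zone")
        hosts = [net.network_address] if net.num_addresses == 1 else net.hosts()
        extra += [str(h) for h in hosts if h not in wanted]
    return extra


def uncovered_servers(zone, intended, zones=ZONES):
    """Intended servers that the zone definition fails to cover."""
    return [a for a in intended if not in_zone(a, zone, zones)]


if __name__ == "__main__":
    print("whitelisted but not intended:", unintended_hosts("banks", INTENDED_SERVERS))
    print("intended but not covered:", uncovered_servers("banks", INTENDED_SERVERS))
    print("10.1.2.3 -> 203.0.113.1:", rule_matches("10.1.2.3", "203.0.113.1"))
```

Any address reported as whitelisted but not intended would be reachable through the unproxied PlugProxy service, so narrow the netmask or list the servers individually until that list is empty.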