Configuring External Access Rules
Note: This topic applies to the Glamis Release.
External access rules allow specific services access to the Smoothwall. A default rule is provided to grant access to all services across the default interface selected during installation. If you have multiple connections configured, you can choose which services have access to an interface.
Note: If the Smoothwall is configured with multiple connections, you must configure an explicit external access rule for some services. These are described separately in the relevant section.
The following services are available for external access rules:
| | FTP proxy alternative (21) |
| | DNS proxy (53) |
| | Other web access on HTTP (80) |
| | Web based admin on HTTP (81) |
| | SNMP (161) |
| | SSH based admin (222) |
| | Heartbeat admin on HTTPS (440) |
Note: Note that a Unified Threat Management serial is required to view the Heartbeat service. For more information, contact your Smoothwall representative.
| | Web based admin on HTTPS (441) |
| | Other web access on HTTPS (442) |
| | RADIUS authentication (1812) |
| | RADIUS accounting (1813) |
| | FTP proxy (2121) |
| | MobileProxy server (61001) |
| | SIP (5060) |
Note: Note that a Unified Threat Management serial is required to view the SIP service. For more information, contact your Smoothwall representative.
The number following the service name denotes the port number used.
Adding External Access Rules
| 1. | Go to System > Administration > External access. |
| 2. | From the Add a new rule panel, configure the following: |
| • | Interface — From the drop-down list, select the interface that access is permitted from. |
| • | Source IP, or network (blank for “ALL”)— Specify individual hosts, ranges of hosts or subnet ranges of hosts that are permitted. |
For a range of hosts, enter an IP address range, for example, 192.168.10.1-192.168.10.50.
For a particular subnet of hosts, enter a subnet range, for example, 192.168.10.0/255.255.255.0 or 192.168.10.0/24.
If no value is entered, any source IP can access the system.
| • | Service — Select the permitted access method. For a detailed description of available services, see Configuring External Access Rules. |
| • | Comment — Enter an optional description of the rule. |
| • | Enabled — New external access rules are enabled by default. Clear the check box to create a disabled rule. |
| 3. | Click Add. |
Note: Do not remove the default external access rule, it provides access to the default internal network.
Editing External Access Rules
| 1. | Go to System > Administration > External access. |
| 2. | From the Current rules panel, Mark the relevant rule. |
| 3. | Click Edit. |
| 4. | Edit the configuration as required. For a detailed description of each setting, see Adding External Access Rules. |
| 5. | Click Add. |
Deleting External Access Rules
| 1. | Go to System > Administration > External access. |
| 2. | From the Current rules panel, Mark the relevant rule. |
| 3. | Click Remove. |