
Using the Smoothwall Firewall

Note: This topic applies to the Kenilworth Release.

Typically, you use a firewall as a barrier between a trusted and secure internal network, and an external network. You control the flow of traffic through the Smoothwall, and between network zones, using predetermined security rules.

In addition to specifying where traffic comes from and goes to, you can use the Smoothwall firewall to:

Block network traffic originating from specific IP or network addresses

Blocking rules are primarily intended to block hostile external hosts; however, you can also use this feature to isolate internal hosts, for example, in cases of malware infection.

Bridge isolated network zones together

By default, all internal network zones are isolated by the Smoothwall. Zone bridging allows communication to take place between a pair of network zones, for the purpose of resource sharing — for example, within a corporate environment, you may want to isolate departmental networks from each other, but allow access to printers in one.

Reply packets within the same connection are handled by the same rule. Note, however, that communication between zones is one-way, that is, always initiated from the same end. To create a bi-directional bridge, create a separate rule for each direction of communication.

Bridge user groups to network zones

In addition to network zone bridging, you can further restrict access by only allowing specific groups from one network to access another network zone.

Reply packets within the same connection are handled by the same rule. Note, however, that communication is one-way, that is, always initiated from the same end. To create a bi-directional bridge, create a separate rule for each direction of communication.

Firewall access rules can be configured where network traffic uses the following path through the Smoothwall:

Network traffic from: Source IP addresses
AND over these: Inbound interfaces
AND to go out over these: Destination IP addresses
AND if they are using these: Services
AND the user is a member of these: Groups
will be: Accepted / Dropped / Rejected
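
The matching path above, combined with the one-way bridging behaviour described earlier, can be modelled as follows. This is an added illustration, not Smoothwall code: the class and field names, first-match rule ordering, the drop fallback for unmatched traffic, and the sample zones and addresses are all assumptions.

```python
# Illustrative model only (assumed names and ordering), not Smoothwall's code.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    in_iface: str
    service: str          # e.g. "tcp/9100"
    group: str = ""       # authenticated user's group, if any

@dataclass(frozen=True)
class Rule:
    sources: tuple        # CIDR strings
    in_ifaces: tuple
    dests: tuple          # CIDR strings
    services: tuple
    groups: tuple         # empty tuple means "any group"
    action: str           # "accept", "drop" or "reject"

    def matches(self, p):
        def within(ip, nets):
            return any(ip_address(ip) in ip_network(n) for n in nets)
        # Every condition is ANDed, as in the rule path above.
        return (within(p.src, self.sources) and p.in_iface in self.in_ifaces
                and within(p.dst, self.dests) and p.service in self.services
                and (not self.groups or p.group in self.groups))

class Firewall:
    def __init__(self, rules):
        self.rules = list(rules)
        self.established = set()   # connections opened by an accept rule

    def decide(self, p):
        # Replies within an accepted connection are covered by the same rule.
        if (p.dst, p.src, p.service) in self.established:
            return "accept"
        for r in self.rules:       # assumed: first matching rule wins
            if r.matches(p):
                if r.action == "accept":
                    self.established.add((p.src, p.dst, p.service))
                return r.action
        return "drop"              # zones stay isolated unless bridged

# Constructed sample: staff zone 10.1.0.0/24 on eth1, printers 10.2.0.0/24.
RULES = [
    Rule(("10.1.0.66/32",), ("eth1",), ("0.0.0.0/0",), ("tcp/9100",), (), "drop"),
    Rule(("10.1.0.0/24",), ("eth1",), ("10.2.0.0/24",), ("tcp/9100",), ("staff",), "accept"),
]
```

With these sample rules a staff user can print and receives replies, but a connection initiated from the printer zone is dropped until a second rule is added for that direction.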

You configure firewall rules in the Network > Firewall > Firewall rules page: