Description: Creating firewall rules with WEBconfig is different to the methods available with LANconfig. This document describes the methodology and syntax required.
Requirements:
Procedure:
To avoid having to use the action IDs described below, we recommend that you create firewall objects before you create the actual rules. These objects can then be reused across multiple rules.
Also, the menu Configuration -> Firewall/QoS -> IPv4 rules -> Rules -> Firewall objects already contains ready-made objects for the most common actions, protocols, source and target addresses (ACCEPT, REJECT, DROP, ANYHOST, LOCALNET, etc.), which can considerably simplify the configuration of firewall rules.
We will demonstrate the process by creating example firewall rules in WEBconfig:
- Block data traffic from a certain source IP address
- Globally allow HTTPS connections
- Guarantee a minimum bandwidth of 256 kbps
Example rule 1: Block data traffic from a certain source IP address:
1.1) Open the configuration of the LANCOM device in WEBconfig, navigate to the menu Configuration -> Firewall/QoS -> IPv4-Rules -> Firewall-Objects -> Object-Table and click the button Add.
1.2) Assign a meaningful name to the object and enter the syntax %A followed by the IP address of the device (e.g. %A10.10.10.1). Then click OK to save the object.
Note:
The Value field accommodates a maximum of 64 characters. To use more than 64 characters, one option is to use nested objects. For instructions, see this Knowledge Base article.