The Unified Firewall works with a deny-all strategy. Consequently, all communication is initially prohibited, so even after opening the default ports, individual required ports and protocols may still be blocked.
This article describes how to use the Alert Log as a help to create override rules for the blocked ports and protocols.
- LANCOM R&S® Unified Firewall with LCOS FX as of version 10.4
- A configured and functional Internet connection with local network on the Unified Firewall
- Web browser for configuring the Unified Firewall.
The following browsers are supported:
- Google Chrome
- Mozilla Firefox
1) Log the blocked packets and create an override rule:
1.1) In your browser, open the configuration for the United Firewall and switch to the menu item Monitoring & Statistics → Settings.
1.2) From the drop-down menu for Blocked Forwarded Traffic, select the option Save Raw Data Locally and click Save.
1.3) Navigate to the menu Monitoring & Statistics → Alert Log.
1.4) Under More Filters, select the filter Category: Connection Blocked so as to limit the Alert Log to blocked packets only.
1.5) Select the event that you wish to allow, click the “gear-wheel” icon and then on Create new rule (in this example the ICMP protocol was blocked but should be allowed).
1.6) Click Create to make the override rule with the parameters suggested.
Alternatively, you can use the option Create New Host/Network Object to modify the Source or the Destination.
1.7) Finally, implement the changes by clicking the Activate button.
2) Checking the created firewall rule:
2.1) On the desktop, click the network object (in this example the network INTRANET), select the connection tool from the context menu and click the Internet object (in this example LANCOM_Internet-Access) to open the rule table.
2.2) The Rules tab now contains the override rule in step 1.