dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
410
share rss forum feed


trond

@start.no

Allow list of IP adresses for DMZ

I have bougt a zywall USG 300 and want to setup firwall rules for DMZ. Previously in Zywall 5 it was easy to create a firewall rule and add multible source and destination IP addresses that was allowed. In zywall 300 I cannot find an easy way to specify all allowed IP addresses like a list (I have a lot). Do I have to add one by one as object/address and then add them to policy and then add policy to firewall?
/Trond


Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:5
The USG uses an object oriented approach. Simpy stated, you need to create address objects for all IP addresses (as hosts), or range of IP addresses. If you have services that dont already exist on the list, then you need to create those too, as service objects.

Now on the USG you can greate GROUP address objects and GROUP service objects and you can then use these GROUP items in your firewall rules.

Policy rules are mainly designed to allow internet users access to the interent (external access). In most cases policy routes are not required because the router creates them by default (not visible). If you have two ISPs, do load balancing, VPNs, and other funky stuff policy routes come in to play.
--
Ain't nuthin but the blues! "Albert Collins".
Leave your troubles at the door! "Pepe Peregil" De Sevilla. Just Don't Wifi without WPA, "Yul Brenner"

LlamaWorks Equipment


trond

@start.no
Got it, thaks a lot!


Brano
I hate Vogons
Premium,MVM
join:2002-06-25
Burlington, ON
kudos:11
Don't forget that USG has config stored as text file. Download it, insert all the IPs you need, upload and re-apply it.