  1. #1
    Newbie
    Join Date
    Apr 2020
    Posts
    8

    Default Policy and Firewall Clarification

    I'm looking for some clarification on how the firewall rules work if you have multiple policies.

    As an example:

    I have a VLAN and the default internal interface. I have a policy set up for the VLAN and a rule to apply the policy to the VLAN (Source Interface = VLAN). The VLAN policy also uses the default policy as its parent. It doesn't have any of its own apps installed.

    Now say I set a firewall rule in the default policy's firewall that blocks Source Interface = VLAN and Destination = Any non-WAN interface. At this point all traffic from VLAN to Internal interface is blocked.

    Now I add a firewall to the VLAN's policy with no rules. At this point traffic will freely flow between the VLAN and the internal interface even though the firewall in the default policy is set to block it?

    If a rule applies, only the apps for that policy get applied, even if the destination (in this case the internal interface) has its own policies/firewall rules? I'd like to make sure I understand how this works so I set up my firewall rules correctly. I had expected that both firewalls would run (the default and the one for the VLAN) because the traffic is coming from the VLAN and going to the internal interface. But that doesn't appear to be the case.

    I know I can use the filters to block access between interfaces/VLANs. The reason I am using the firewall instead is I like seeing in the report what is getting blocked.

  2. #2
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Lake Tahoe
    Posts
    9,655

    Only apps in the policy of the session will be applied. If the VLAN is sent to the second policy which has a separate Firewall app, only the rules of the second rack Firewall app will apply.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com
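
The behaviour described in this answer, as an added Python model that is not part of the original posts and is not Untangle code: a child policy with no Firewall app of its own uses the parent's rules, and installing its own Firewall app (even an empty one) replaces them. The `Policy` class, rule format, first-match evaluation and the `shadowed_blocks` audit helper are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Policy:
    name: str
    parent: "Policy | None" = None
    # app name -> ordered rule list; a key mapped to [] means "installed, no rules"
    apps: dict = field(default_factory=dict)

    def effective_app(self, app):
        """Nearest policy in the parent chain that has the app installed, with its rules."""
        p = self
        while p is not None:
            if app in p.apps:
                return p, p.apps[app]
            p = p.parent
        return None, []

def firewall_verdict(policy, session):
    """Evaluate only the session policy's effective Firewall app.
    Assumption: first matching rule wins, and unmatched traffic passes."""
    _, rules = policy.effective_app("firewall")
    for rule in rules:
        if all(session.get(k) == v for k, v in rule["match"].items()):
            return rule["action"]
    return "pass"

def shadowed_blocks(policy, app="firewall"):
    """Audit helper: inherited block rules that stopped applying because
    this policy has its own instance of the app and does not repeat them."""
    if app not in policy.apps or policy.parent is None:
        return []
    owner, inherited = policy.parent.effective_app(app)
    own = policy.apps[app]
    return [(owner.name, r["match"]) for r in inherited
            if r["action"] == "block" and r not in own]

def demo():
    # Constructed sample mirroring the thread: block VLAN -> any non-WAN interface.
    block = {"match": {"src_intf": "vlan", "dst_wan": False}, "action": "block"}
    default = Policy("default", apps={"firewall": [block]})
    vlan = Policy("vlan", parent=default)           # no apps of its own yet
    session = {"src_intf": "vlan", "dst_intf": "internal", "dst_wan": False}
    before = firewall_verdict(vlan, session)        # parent's rule applies
    vlan.apps["firewall"] = []                      # add an empty Firewall app
    after = firewall_verdict(vlan, session)         # parent's rule no longer seen
    return before, after, shadowed_blocks(vlan)

if __name__ == "__main__":
    print(demo())
```

Running the audit helper over every child policy after a change lists the parent block rules that would need to be repeated in the child's own Firewall app.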

  3. #3
    Newbie
    Join Date
    Apr 2020
    Posts
    8

    Originally posted by jcoffin: "Only apps in the policy of the session will be applied. If the VLAN is sent to the second policy which has a separate Firewall app, only the rules of the second rack Firewall app will apply."
    Thank you for the quick response. That makes sense.
