Hello,
I have internal, DMZ and external zone created during installation.
I have used Astaro 7.x and 8.x, now in 8.305.
I can't explain why some firerall rules that should allow some traffic does not.
When i define rules for internal zone, it is not really a problem to choose "Any" for "destination" and it works fine as expected.
Now, for DMZ i want a better control, so for example :
Source : DMZ (Network)
Service : Web Surfing
Destination : External (Network)
It does not work. It's an example out of many why i went in forum many times, and many times advices were "it works better with Any as destination". Correct, it works :) but i were under the shock to read such advices as we could also say "it works even better with no firewall at all". By putting any, we can access the internal zone from the dmz through the web surfing services, the same for all others rules defined this way. That also means that if only "Any" works in destination, then no need to define destination, it should be hard coded directly.
Is there a way to use Astaro without using "Any" everywhere ?
I have internal, DMZ and external zone created during installation.
I have used Astaro 7.x and 8.x, now in 8.305.
I can't explain why some firerall rules that should allow some traffic does not.
When i define rules for internal zone, it is not really a problem to choose "Any" for "destination" and it works fine as expected.
Now, for DMZ i want a better control, so for example :
Source : DMZ (Network)
Service : Web Surfing
Destination : External (Network)
It does not work. It's an example out of many why i went in forum many times, and many times advices were "it works better with Any as destination". Correct, it works :) but i were under the shock to read such advices as we could also say "it works even better with no firewall at all". By putting any, we can access the internal zone from the dmz through the web surfing services, the same for all others rules defined this way. That also means that if only "Any" works in destination, then no need to define destination, it should be hard coded directly.
Is there a way to use Astaro without using "Any" everywhere ?