-
Hmm, thanks! That’s the location! Can we have IPv4 in CIDR format in this file (1.2.3.4/24)? Comments in this file mention ‘an’ IPv4 or ‘an’ IPv6 - so probably not?
-
-
Not able to add entire subnet in DMZ Incoming Connections
Hi All,
I've been trying to create a rule in DMZ firewall that will allow all incoming connections on given subnet - however, entering IP in CIDR format is throwing an error as below (individual IP works fine). Can you let me know how to fix this? Also, is there a file where we can manually enter DMZ firewall rules (like we do for custom firewall rules in /etc/clearos/firewall.d/custom)?
Thanks
Ruchir
-
Thanks for your update; this firewall just allows incoming traffic to DMZ network (they are disabled by default). We have next-hop setup for subnet on core switch to ClearOS system. With DMZ setup, there is no LAN involved - public IP is directly assigned to the machine behind ClearOS; just that you need to allow incoming connections in DMZ incoming firewall. With current setup (allowing just 1 IP per rule), we will need to create 256 rules for a /24 subnet! I can see the rule in iptables but am unsure where exactly this is loaded from so that we can make backend update of rule to include entire /24 subnet.
-
-
IPS/IDS For 1-to-1 NAT Firewall Setup?
Hi Guys,
We're evaluating ClearOS 7.2 Business which will be used in Gateway Mode to protect traffic originating from servers behind ClearOS. We are using 1-to-1 NAT Firewall setup to map a public IP to private IP behind ClearOS. I wanted to know if IPS / IDS and antimalware / antivirus will still be able to protect traffic originating from servers behind ClearOS with 1-to-1 NAT firewall setup. I have read in one of the posts that this may not work as expected as traffic will not be scanned with IPS / IDS and for virus / malware if we are using 1-to-1 NAT firewall (which assigns a virtual IP to external eth).
Can some experts provide me with your inputs here and confirm that traffic will still be scanned / protected with 1-to-1 NAT firewall setup?
Many Thanks
Ruchir
-