Jump to content

Firewall rules and policies and ease of use - what am I missing here


Go to solution Solved by Marcos,

Recommended Posts

Hi!

 

I am having difficulties of how firewall rules hierarchy is working through a number of policies:

 

When I set FW rules for port exceptions in policy "A" at base level ("All" group) and then later apply policy "B" at sub-group or client level with FW rules what happens to the rules applied earlier? - I assume they just great "overwritten/erased" by policy "B" because I don't see the previous rules in the config menu even if it is the same FW profile - right?

 

If this is the case, how can I "add" another rule to client without loosing previously applied rules? Do I really have to re-enter all rules again (this would be a PITA work)  !? - I was expecting that all manually entered rules are saved in the DB and could be re-used in other policies.

 

Can someone please enlighten me, the help doesn't cover this scenario :-)

Link to comment
Share on other sites

  • Administrators
  • Solution

Firewall rules are handled as one setting, ie. the policy which is applied / forced will be used; rules are not merged from various policies. You can create a policy B which will be a copy of policy A and make the necessary changes in the firewall rules.

 

Merging rules will be implemented in future versions of ERA.

Link to comment
Share on other sites

Firewall rules are handled as one setting, ie. the policy which is applied / forced will be used; rules are not merged from various policies. You can create a policy B which will be a copy of policy A and make the necessary changes in the firewall rules.

 

Merging rules will be implemented in future versions of ERA.

 

Future version as 6.x or 7 ?

Link to comment
Share on other sites

Firewall rules are handled as one setting, ie. the policy which is applied / forced will be used; rules are not merged from various policies. You can create a policy B which will be a copy of policy A and make the necessary changes in the firewall rules.

 

Merging rules will be implemented in future versions of ERA.

 

 

Hi, thx for the clarification - I think this is a clarification missing in the manual.

 

To keep track of all the rules I applied all of them to the base policy bound to IP addresses, so every client only gets the rules it needs and I can't overwrite something by accident - fine with me in my smaller setup.

 

I think it would be sufficient to store all custom rules in the DB and make them available for programming in other polices instead of merging, as merging seems to be more complicated - just my 2c

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...