304
RAS (medium)
Auto
SNAT
LAN (high)
Auto
SNAT
SX-GATE
Access denied. Add rules to allow specific connections
Access denied. Add rules or change default policy to grant access
Access granted. Restrict by changing the default policy
The names of the available classes reflect the typical use of this class. However this
is just a proposition. In individual cases it can make sense to select a different value.
However you should be aware of the effect of every modification. This is especially
true if the actual purpose of the interface and the proposition differ clearly, e.g. when
selecting "LAN (high)" for the internet interface.
When changing the classification of the interface through which
SX-GATE is configured, make sure that HTTPS access to
SX-GATE is still possible. Otherwise it will no longer be
possible to access the administration frontend with your browser.
The console will then be the only way to modify SX-GATE's
configuration.
Internet (none)
Typically this option is used for interfaces connected to the Internet. By default,
access from the Internet to SX-GATE is denied. The same applies to direct
connections from systems in the LAN to the Internet. To allow specific connections
from the Internet to SX-GATE, you have to define them on the tab labeled "
SX-GATE". Direct connections from LAN to the Internet can be allowed on tab "*
", however if possible, use SX-GATE's components proxy, mail
server, mail client and DNS forwarder instead. These enhance the security of the
browser, email and DNS communication of systems in the LAN.
For accepted IPv4 connections from LAN or RAS zones, network address
translation (NAT) is applied automatically unless overridden by the rules on tab "*
". NAT replaces the source address of outgoing IP packets with
the external IP address of SX-GATE. This will not apply to DS-Lite Internet links.