Press OK to save the changes. Although changes are remembered by cOS Core, the changed
configuration is not yet activated and won't be activated until cOS Core is told explicitly to use
the changed configuration.
Remember that DHCP should not be enabled when using static IP addresses and also that the IP
address of the
Default Gateway
(which is the ISP's router) must be specified. As explained in more
detail later, specifying the
Default Gateway
also has the additional effect of automatically adding
a route for the gateway in the cOS Core routing table.
At this point, the connection to the Internet is configured but no traffic can flow to or from the
Internet since all traffic needs a minimum of the following two cOS Core configuration objects to
exist before it can flow through the Clavister Next Generation Firewall:
•
An
IP Policy
object in the IP rule set that explicitly allows traffic to flow from a given source
network and source interface to a given destination network and destination interface.
•
A
route
defined in a cOS Core routing table which specifies on which interface cOS Core can
find the traffic's destination IP address.
If multiple matching routes are found, cOS Core uses the route that has the smallest (in other
words, the narrowest) IP range.
An IP policy therefore needs to be defined that will allow traffic from clients to the Internet. In
this case, that web browsing is to be allowed from the protected private network
G1_net
connected to the interface
G1
to be able to access the public Internet.
To do this, first go to Policies > Firewalling > Main IP Rules. The
main
IP rule set will now be
displayed.
To add a new IP policy, press the Add button and select IP Policy from the menu.
The properties for the new object will appear. In this example, the policy will be called
lan_to_wan
. The
Service
is set to
http-all
which is suitable for most web browsing (it allows both
HTTP and HTTPS connections).
Chapter 4: cOS Core Configuration
47
Содержание NetWall W20A
Страница 12: ... i Orange when cOS Core is running normally Chapter 1 W20B Product Overview 12 ...
Страница 14: ...Chapter 1 W20B Product Overview 14 ...
Страница 31: ...Chapter 3 W20B Installation 31 ...
Страница 70: ...Chapter 4 cOS Core Configuration 70 ...
Страница 80: ...Appendix B Declarations of Conformity 80 ...
Страница 81: ...Appendix B Declarations of Conformity 81 ...