To summarize, the packet filter processes rules in numerical order. Pass rules allow packets
into the system, and block rules explicitly block traffic from entering the system. The last
rule is "block in all", which means that a packet not yet matched by a pass rule is dropped.
Using this command while trying to establish a connection that may not be working can be a good
method of finding out what is wrong. In this example, 0 packets were blocked by the filter in rule
4 because rules 2 and 3 allowed all packets needed. If there is a misconfiguration, seeing packets
being blocked can be a hint of what is wrong.
Enabling/Disabling IP Filter Rules
When you create a subnet, IP Filter (firewall) rules are automatically generated. An example is
shown above. These rules can be disabled for troubleshooting or diagnostic purposes. Disabling
the firewall turns off all system packet filtering. Any subnet permit/deny rules are ignored and
all traffic will be routed between subnets.
• If you use the GUI, you will note that if you disable these rules and you navigate to
  System > Network > VLANs > {any subnet} > Permitted Subnets, the following message will be
  displayed in red text at the top of the tab:
  "Firewall rules are currently disabled. Any 'Permit' and 'Deny' selections made below
  will be ignored until firewall rules are enabled."
• If you use the CLI, you will note that when you enter eqcli > show firewall, the state will
  be Disabled.
The rules are enabled by default.
To disable in the CLI, enter the following:
eqcli > firewall disable
eqcli: 12000287: Operation successful
To verify that the firewall (IPv4 rules) has been disabled, enter the following:
eqcli > show firewall
Variable    Value
state       Disabled
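An added example (not from the Equalizer guide): a check that flags appliances whose firewall was left disabled after troubleshooting, run over saved "show firewall" output. The device names and captures are constructed, and the "Enabled" value is an assumption, since the guide shows only "Disabled".

```python
import re

# Constructed captures of `show firewall` sessions, keyed by hypothetical
# device names. The Variable/Value layout and "Disabled" come from the guide;
# "Enabled" is assumed to be the value printed when filtering is on.
CAPTURES = {
    "eq-lab-1": "eqcli > show firewall\nVariable    Value\nstate       Disabled\n",
    "eq-lab-2": "eqcli > show firewall\nVariable    Value\nstate       Enabled\n",
    "eq-lab-3": "eqcli > show firewall\n",  # truncated capture, no table rows
}

# Matches the "state" row whether the value is on the same line or wrapped
# onto the next one by a terminal log or text extraction.
STATE_ROW = re.compile(r"^\s*state\s+(\S+)\s*$", re.IGNORECASE | re.MULTILINE)


def firewall_state(capture: str) -> str:
    """Return 'enabled', 'disabled' or 'unknown' for one captured session."""
    match = STATE_ROW.search(capture)
    if not match:
        return "unknown"
    value = match.group(1).lower()
    return value if value in ("enabled", "disabled") else "unknown"


def audit(captures: dict) -> dict:
    """Return the devices that need attention and why.

    A device is reported when packet filtering is off (subnet permit/deny
    rules are ignored) or when its state could not be read, so an
    unreadable capture is never counted as compliant.
    """
    findings = {}
    for device, text in sorted(captures.items()):
        state = firewall_state(text)
        if state != "enabled":
            findings[device] = state
    return findings


if __name__ == "__main__":
    for device, state in audit(CAPTURES).items():
        print(f"{device}: firewall state is {state}, subnet rules may not be enforced")
```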
Copyright © 2014 Coyote Point Systems, A Subsidiary of Fortinet, Inc.
All Rights Reserved.
Equalizer Administration Guide