Changing the firewall policy LAN > Internet

The default policy of DEFENDO's firewall denies direct Internet connections. The article Firewall default policy explains how to access the Internet with DEFENDO. If - and only if - direct connections from the LAN through DEFENDO to the Internet are required, the firewall policy has to be modified.

Required client setup

If the client IP configuration is assigned by a DHCP server you will have to verify the DHCP server's configuration. Otherwise open the network configuration of each client PC.
Enter DEFENDO's IP as gateway (default gateway, router) and name server (DNS). Please make sure DEFENDO's LAN IP is the only IP listed there. Remove any additional entries from both lists to avoid conflicts.

Modification of DEFENDO's firewall policy

Turn to menu item "Modules > Firewall > Settings". Make sure the parameter "IPv4 routing" is enabled.
To grant access for a specific application, you need to know the port it uses. Please check the documentation or ask the vendor if you don't know the required port. You can also check the firewall log of DEFENDO, because restricted connections are logged there. The requested destination port is labeled "DPT=".
  • Open menu "Definitions > Protocols"
  • You will find a number of predefined protocols with their corresponding port signatures. If you find the required protocol among them, there's no need to modify anything in here
  • Otherwise please add a new protocol
  • Now add the required signatures. The defaults for new entries (protocol tcp, source port range 1024-65535) are ok in most situations. You only need to enter the destination port number.
  • Click "Apply" when you're done adding port signatures.
Now we are going to add the required firewall policy rule
  • Click the name of DEFENDO's internet interface in menu "Modules > Firewall > Policies" (usually either adsl0 or eth1)
  • The setting "Zone/Classification (Trustlevel)" of this interface should be set to "Internet (none)"
  • Select the tab labeled "* > DEFENDO > adsl0" (the actual interface name may be different)
  • Open the dialog for adding a new rule
  • Pick one of the predefined protocols or the previously created protocol definition and set the "Source zone" to "LAN".
  • Enter either a single IP or a whole network, using format "network/netmask", as "Source IP/network". Leave the field empty to grant access for any IP connected to a DEFENDO interface classified as "LAN".
  • Enter the IP of an Internet server or leave the field "Dest. (...)" empty to grant access to any Internet server.
  • Usually there's no need to change any of the other parameters
  • Finally add the rule and apply the changes
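
Before defining the protocol and the rule, it helps to summarize which destination ports the firewall log actually shows as blocked, and from which clients, so the rule can be limited to the source and destination that need it. The following script is an added example, not part of DEFENDO or of the original article. Only the "DPT=" label is taken from the article; the other log fields (SRC, DST, PROTO, SPT) and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines. Only the "DPT=" label is confirmed by the article;
# the other key=value fields (SRC, DST, PROTO, SPT) are assumed.
SAMPLE_LOG = """\
Jan 10 09:14:02 fw kernel: DENY IN=eth0 OUT=adsl0 SRC=192.168.1.23 DST=203.0.113.10 PROTO=TCP SPT=51544 DPT=5222
Jan 10 09:14:05 fw kernel: DENY IN=eth0 OUT=adsl0 SRC=192.168.1.23 DST=203.0.113.10 PROTO=TCP SPT=51545 DPT=5222
Jan 10 09:15:40 fw kernel: DENY IN=eth0 OUT=adsl0 SRC=192.168.1.40 DST=198.51.100.7 PROTO=UDP SPT=123 DPT=123
Jan 10 09:16:11 fw kernel: DENY IN=eth0 OUT=adsl0 SRC=192.168.1.23 DST=203.0.113.11 PROTO=TCP SPT=51600 DPT=5222
Jan 10 09:17:00 fw kernel: unrelated message without port fields
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S+)")
DEFAULT_SPT = range(1024, 65536)  # default source port range for new signatures


def summarize(log_text):
    """Group blocked connections by (protocol, destination port)."""
    groups = defaultdict(lambda: {"count": 0, "sources": set(),
                                  "dests": set(), "spt_in_default": True})
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        # Skip lines that do not describe a connection with a numeric DPT.
        if not {"SRC", "DST", "PROTO", "DPT"} <= f.keys() or not f["DPT"].isdigit():
            continue
        g = groups[(f["PROTO"].lower(), int(f["DPT"]))]
        g["count"] += 1
        g["sources"].add(f["SRC"])
        g["dests"].add(f["DST"])
        # The default signature only matches source ports 1024-65535.
        spt = f.get("SPT", "")
        if not (spt.isdigit() and int(spt) in DEFAULT_SPT):
            g["spt_in_default"] = False
    return dict(groups)


def report(groups):
    """One line per protocol/port: what to enter in the signature and the rule."""
    lines = []
    for (proto, dpt), g in sorted(groups.items()):
        note = "" if g["spt_in_default"] else " (source port outside 1024-65535: adjust the signature)"
        lines.append(f"{proto}/{dpt}: {g['count']} hits, sources={sorted(g['sources'])}, "
                     f"dests={sorted(g['dests'])}{note}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(summarize(SAMPLE_LOG))))
```

A port that is requested by a single client or reaches only a few servers is a candidate for a rule with "Source IP/network" and "Dest. (...)" filled in rather than left empty.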
