Firewall Question


(Greg Snover) #1

Ok - I host FreePBX’s for my customers at my CoLo facility. We are fronting all our boxes with a SonicWALL and only passing through the defined ports and ranges to the boxes - but we are also using the FreePBX Firewall and I am wondering if I am understanding the Zones and applying them correctly.

Since the box only has a NAT address I am configuring it’s address as Internet:
image
In reading the Docs, that seems correct even though it’s an Internal address - 1st question - is this right? It’s automatically putting in the whole Subnet which worries me…

Second Question - I have defined the LAN at the CoLo as Local - But that seems in direct contravention to the Interface definition of being Internet.
image

Is the firewall smart enough to have the Interface defined as Local and still apply all the Firewall Rules to traffic originating outside the local subnet even though all traffic is being passed to it and NATted through the SonicWALL?

It works in this config, but I am paranoid about what we let through.


(Lorne Gaetz) #2

I think your questions are answered in the wiki: https://wiki.freepbx.org/display/FPG/Firewall
and in this video: Open Source Pro Tips #2 - Firewall Basics


(Defcomllc) #3

No that’s not correct… in interfaces…server static IP interface is set to internet …

The local lan subnet gets set to Trusted in networks…along with many other things…


(Greg Snover) #4

Ok - The video is awesome - Thanks!

Read all the pages on the Firewall Wiki - I am good now!


(system) closed #5

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.