Ok - I host FreePBXs for my customers at my CoLo facility. We are fronting all our boxes with a SonicWALL and only passing through the defined ports and ranges to the boxes - but we are also using the FreePBX Firewall and I am wondering if I am understanding the Zones and applying them correctly.
Since the box only has a NAT address I am configuring its address as Internet:
In reading the Docs, that seems correct even though it’s an Internal address - 1st question - is this right? It’s automatically putting in the whole Subnet which worries me…
Second Question - I have defined the LAN at the CoLo as Local - But that seems in direct contravention to the Interface definition of being Internet.
Is the firewall smart enough to have the Interface defined as Local and still apply all the Firewall Rules to traffic originating outside the local subnet even though all traffic is being passed to it and NATted through the SonicWALL?
It works in this config, but I am paranoid about what we let through.