Managing Filter Rules in Micro Edge
Filter Rules determine whether certain traffic is allowed through the Micro Edge, based on layer 3 criteria such as ports, IP addresses, or interfaces. (These are your traditional, simple "firewall" rules.)
Filter Rules are evaluated from the top down until a matching rule condition is found. The corresponding action is performed and no further rules are evaluated: only the first matching rule is triggered.
Configuring Filter Rules
Filter Rules are found in Settings > Firewall > Filter.
Each rule consists of:
- A Description that identifies the rule (this can be anything you like)
- A switch to enable or disable the rule
- Condition(s), which determine what traffic will be affected by the rule
- An Action to take, if all the above conditions match
You can add as many conditions as necessary to achieve the specific behavior you wish to block. At the bottom of the rule configuration, you'll find a summary line that describes what the rule will do.
For more details about rule conditions, please refer to Conditions Syntax in Micro Edge Rules.
You'll notice a default rule at position #1: 'Drop packets not related to any session'. This will block malformed, invalid, and broadcast packets from passing through the Micro Edge. It is recommended to leave this rule enabled and in the first position.
Example Filter Rule: Blocking Traffic By Port(s) or Protocol(s)
A simple Filter Rule to block Windows RDP connections (TCP traffic on port 3389) would look like this. You could also use the condition Application ID is RDP to simplify this rule, particularly if you're not sure of the exact ports or protocols.
Example Filter Rule: Isolate Interface
If you want to prevent a particular interface from being able to access other internal interfaces, you can use the condition Client Interface Zone. This rule blocks any traffic from the Phones interface to the LAN1 interface:
Example Filter Rule: Blocking High-Risk Applications Between LANs
This rule is a bit more complex, using multiple conditions to prevent applications the Micro Edge determines to be high-risk from communicating with other internal networks. (For more details on how Micro Edge identifies & categorizes application traffic, refer to Application Identification In Micro Edge.)
Please sign in to leave a comment.