I'm trying to understand better these two new features:
L7 layer I cannot see where these container can be created, and if they apply only to shaping or if they can be used for rules. Apart the entry in Rules -> Advanced features, I do not see any other menu where create/modify/delete L7 containers. Is it possible to have a better understanding of this feature? Floating rules. As far as I understand, potentially this is very useful, but with a lot of limits. From my point of view, having more "public" sublans on different interfaces, this is the place where to place rules for permitting POP. SMTP, HTTP, etc, going to a single sublan, permitting WAN and all other public sublan to access those services (and writing each rule once only, instead of one time for each interface). But, in this way, I cannot give customers control of floating IP, as these rules are not binded to a specific interface. Am I missing something? Thinking loud... Would have been better to have a different way to implement such feature? For each interface (from the FW point of view): * zone for outgoing rules (what it is permitted from the rest of the world) * zone for incoming rules (what is permitted from this sublan) All "outgoing" zones should be evaluated before "incoming" zones. For a total control, before the "outgoing" zone, there could be another "deny" zone, where to deny "only" incoming packets, despite of other interfaces permissions. Thanks for any help/consideration. Tonino -- ------------------------------------------------------------ in...@zioni Interazioni di Antonio Nati http://www.interazioni.it to...@interazioni.it ------------------------------------------------------------