I'm trying to understand better these two new features:

L7 layer

   I cannot see where these containers can be created, and if they apply
   only to shaping or if they can be used for rules.
   Apart from the entry in Rules -> Advanced features, I do not see any
   other menu where to create/modify/delete L7 containers.
   Is it possible to have a better understanding of this feature?

Floating rules.

   As far as I understand, potentially this is very useful, but with a
   lot of limits.
   From my point of view, having more "public" sublans on different
   interfaces, this is the place where to place rules for permitting
   POP, SMTP, HTTP, etc., going to a single sublan, permitting WAN and
   all other public sublans to access those services (and writing each
   rule once only, instead of one time for each interface).
   But, in this way, I cannot give customers control of floating IP, as
   these rules are not bound to a specific interface.
   Am I missing something?

   Thinking out loud... Would it have been better to have a different way to
   implement such a feature?

   For each interface (from the FW point of view):

           * zone for outgoing rules (what is permitted from the
             rest of the world)
           * zone for incoming rules (what is permitted from this sublan)

       All "outgoing" zones should be evaluated before "incoming" zones.
       For total control, before the "outgoing" zone, there could be
       another "deny" zone, where to deny "only" incoming packets,
       despite other interfaces' permissions.

Thanks for any help/consideration.

Tonino

--
------------------------------------------------------------
        in...@zioni            Interazioni di Antonio Nati
   http://www.interazioni.it      to...@interazioni.it
------------------------------------------------------------
