Firewall ACL Rules. How to choose a IP-Port Group along with IP group source and destination.

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

Firewall ACL Rules. How to choose a IP-Port Group along with IP group source and destination.

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Firewall ACL Rules. How to choose a IP-Port Group along with IP group source and destination.
Firewall ACL Rules. How to choose a IP-Port Group along with IP group source and destination.
2023-11-03 22:32:50
Tags: #ACL
Hardware Version:
Firmware Version: 5.12.7

Omada SDN Controller version 5.12.7

Trying to setup the Omada SDN Controller for Gateway ER707-M2, but I'm sure it's similar for the ER605 V2 as well.

In the local setting, we had to choose a service type when selecting Source and Destination for Firewall Access Control List.

 

How do we do that with the Omada SDN?

I see when choosing the ACL,

there is either the option to choose IP-Port Group, or an IP Group. but not a IP-Port Group for a Source and Destination IP-Group.

Is there any way to add a port group between two IP-Groups?

Or if I choose a Port Group, then one source or distnation must be by default ANY?

Thank you so much.

  0      
  0      
#1
Options
3 Reply
Re:Firewall ACL Rules. How to choose a IP-Port Group along with IP group source and destination.
2023-11-06 08:50:14

  @FlameOtter 

 

What do you mean? Can you share an example with us?

It doesn't support choosing IP-port group when you choose LAN-LAN direction.

Just striving to develop myself while helping others.
  0  
  0  
#2
Options
Re:Firewall ACL Rules. How to choose a IP-Port Group along with IP group source and destination.
2023-11-06 12:21:44

  @Virgo 

Okay thanks for replying.

For example, when Creating a new ACL Rule.

I choose

Direction: [Wan1] IN

Policy: Permit

Protocols: TCP, UDP

Time range: 

Rule

Source: I can choose either an IP Group Which is can be a specific incoming IP or group of address.

The Destination can be either an IP Group or an IP Port Group but not both.

 

When configuring locally. There is the option of all three.

I guess instead of Protocols under the locally managed router, there is the option to create certain service types instead of IP Port Groups since the IP Port Groups are only selectable from my experience in the two options of Destination and Source.

 

Is there method to add protocols for different services?

Thanks so much, or is there another rule that can be added in a different setting to control service/protocol?

Thanks in advance.

 

  0  
  0  
#3
Options
Re:Firewall ACL Rules. How to choose a IP-Port Group along with IP group source and destination.
2023-11-06 12:59:36

  @Virgo 

Or is there instructions or a tutorial on the recommended methods to setup Firewall ACL Rules?

 

As of now, it seems like allow all sources through a port IP- Port Group to a specified destination IP Group.

Or allow a specified sourceIP Group through all ports to a specificed destination IP Group.

 

Is it possible to be more granular?

  0  
  0  
#4
Options

Information

Helpful: 0

Views: 1387

Replies: 3

Tags

Related Articles