Creating filter and NAT rules
- In Configuration > Firewalls and folders, browse until you reach the level of the folder to which you wish to apply a rule or until you reach a specific firewall. In the case of specific rules, go directly to the firewall's settings as well from Monitoring view.
- Open the Filter rules or NAT rules tab.
- Click on Add and select either a low- or high-priority rule (priority can only be selected for folders), taking into account the desired order of application, as explained in the previous section.
- Configure the rule:
- When Host, Network or IP address range objects are used in the rule, you can use variable objects, whose IP addresses will be the value corresponding to the relevant firewall. For more information, please refer to the section Managing network objects.
- Objects can be dragged and dropped between filter and translation rules or from the Network objects menu into rules.
- You can create separators between rules in order to organize them by clicking on Add. These separators do not impact the security policy in any way. Click on the title of a separator to change its name or assign a color to it.
The following parameters cannot be completed with data returned by firewalls and must therefore be entered manually through text fields:
- In Source > General > Incoming interface, click on Customized interface.
- In Destination > Advanced properties > Output interface, click on Customized interface.
- Menu Action > Quality of Service > Queue.
- Refer to the Stormshield Network User Configuration Manual for more details on other menus and options.
- Once the configuration of rules is complete, deploy the configuration on the firewalls concerned.
In addition to the rules of the current folder or of the firewall, the Filter rules and NAT rules tabs display the rules of parent folders in read-only. You can therefore view all the rules that apply to a firewall on a single screen, in the order in which they are applied.