Interface groups

G Sloop
2012-01-03
2013-03-05
  • G Sloop
    G Sloop
    2012-01-03

    I'm just starting to use FWB, and I'm wondering  if there is a way to define interface groups.

    i.e. (Internal interfaces, external interfaces, DMZ-interfaces, VPN-Interfaces etc.)

    That way I could have two external interfaces 10.0.0.1 and 10.0.0.2 and add these to a group.
    Then I can define the rules I want to apply, and apply them to a "group"  interface.

    Then it would generate code to apply to each specific interface in the group separately.

    I have multiple clients who I handle firewalls for, and while I can handle each interface class separately, it's much easier and less prone to error if I handle each class as a group.

    Further expansion of the rational: In several cases, we have multiple external interfaces  and I want to apply the same rules to each interface.

    This additional layer of abstraction seems like it should be in FWB, but I don't see it.

    Did I miss it?

    -Greg

     
  • Vadim Kurland
    Vadim Kurland
    2012-01-03

    In fwbuilder you "apply a rule to an interface" by placing interface object in the "Interface" column of the rule. This generates firewall configuration that matches packets crossing given interface.

    You can create an object group, drag and drop interfaces into it, and then place this group in the "Interface" element of the rule or multiple rules.

     
  • G Sloop
    G Sloop
    2012-01-04

    Thanks - that appears to work like a charm.

    -Greg