Endian Firewall


Additional rules can be added by clicking on the Add a new firewall rule link at the top of the page. Two boxes are present on this page: one shows the current rules and allows adding new ones, and the other sets the inter-zone firewall options. On this page, rules that apply SNAT to outgoing connections can be defined. The inter-zone firewall can be disabled or enabled by using the Enable Inter-Zone firewall switch. A user-defined combination of port and protocol should be used only if a service is not running on a standard port e.


Possible actions on each rule are to enable or disable it, to edit it or delete it. Additional rules can be added by clicking on the Add a new firewall rule link at the top of the page. Please remember that the order of rules is important: The order of the rules can be changed by using the up and down arrow icons next to each rule. The following settings differ from the default common options.

This search widget allows selecting the applications that should be part of the rule. Applications are divided into categories e. Enter at least one letter to show all applications whose name starts with that letter. It is possible to disable or enable the whole outgoing firewall by clicking on the Enable Outgoing firewall switch. When disabled, all outgoing traffic is allowed and no packet is filtered: This setting is however strongly discouraged and the recommendation is to keep the outgoing firewall enabled.

Whenever the proxy is activated for a given service e. With the proxy activated, whenever a connection starts from a client to the Internet, it will either be intercepted by the proxy on the Endian UTM Appliance in transparent mode or go directly to the firewall, but never go through the firewall. The proxy then starts a new connection to the real destination, gets the data and sends it to the client.

Therefore, such connections never go through the outgoing firewall, since in fact they are local connections. To activate the inter-zone firewall, click on the grey switch. Two boxes are present on this page: one shows the current rules and allows adding new ones, and the other sets the inter-zone firewall options. When the Endian UTM Appliance is configured in no uplink mode, all the network traffic shall be filtered using the inter-zone firewall.

Also when in Stealth uplink mode with more than one zone defined, all the traffic not routed through the gateway is filtered with the interzone firewall. New rules can be added by clicking on the Add a new inter-zone firewall rule link at the top of the page.

Only the common options can be configured. The inter-zone firewall can be disabled or enabled by using the Enable Inter-Zone firewall switch. Disabling the inter-zone firewall is strongly discouraged.

Please note that VPN hosts are not subject to the outgoing traffic firewall or the Inter-Zone traffic firewall. Two boxes are present on this page: one shows the current rules and allows adding new ones, and the other sets the VPN firewall options. The handling and definition of the rules is identical to the outgoing traffic firewall, so please refer to that section and to the common options for directions on the definition and handling of the firewall rules in this module.

There is a list of pre-configured rules that cannot be changed, whose purpose is to guarantee the proper working of the firewall. Indeed, there are services, among those supplied by the Endian UTM Appliance, that need to be accessed from clients in the various local zones. Examples include using the DNS, which requires that port 53 be open to resolve remote hostnames, or using the administration web interfaces which uses port Whenever one of these services is activated, one or more rules are automatically created to allow the service itself to work properly.

The list of the pre-defined rules is shown when clicking on the Show rules of system services button at the bottom of the page. More system access rules can be added by clicking on the Add a new system access rule link. The settings specific to this module of the firewall are:

There is no Destination address, as it is the IP address of the interface from which the access is granted or attempted. This page shows, for each of the modules described in this page, a diagram that shows how the traffic flows among the zones, and which is the firewall module that takes charge of the various flows.

The green arrowed lines show which traffic is allowed in each zone and in which directions. When an image is clicked, it opens in a gallery that allows browsing all of them as in a slide show.

Note: There are dozens of predefined services that can be chosen from the drop-down menus and should suffice to allow the most common services to access the Internet.

Warning: If there is a lot of traffic and packets to be analysed, the size of the log files will likely grow rapidly, so in this case remember to check the log directory regularly to avoid running out of space!

Hint: Remember that the ordering matters!

Besides the common options, these other settings can be configured: Translate to: This part of the form changes depending on the currently active editing mode, simple or advanced.

Note: The Map network translation statically maps a whole network of addresses onto another network of addresses. An example would be:

There are mainly two reasons why port-forwarding may not work. The destination server has the wrong default gateway.

Besides the common options, only one other setting can be configured: The choice to use SNAT allows the selection of the IP address that should be used among those presented in the drop-down menu.

The Auto entries will automatically choose the IP address corresponding to the outgoing interface. Hence, there are now two different types of rules that can be defined on the outgoing firewall: Stateful firewall rules, that filter traffic between IP addresses and ports.

Very Good Firewall, easy to deploy and manage

The problems seem to have been fixed and now it's working as expected.

Proxy does not work after first install - have got LDAP connected but proxy does not even work at all.

Endian offers Firewalls, Unified Threat Management, WiFi & BYOD Hotspot, IoT Security, Secure Remote Connectivity and Industrial Security Appliances.

Endian Firewall is an open-source router, firewall and gateway security Linux distribution developed by the South Tyrolean company Endian. The product is available as either free software, commercial software with guaranteed support services, or as a hardware appliance (including support services).

Endian Firewall Community (EFW) is a "turn-key" Linux security distribution that makes your system a full featured security appliance with Unified Threat Management (UTM) functionalities.