DNA: Traffic Policy

Topic

This article describes how to configure custom Traffic Policies on a DNA.

Environment

  • Datto Networking Appliance (DNA)

Description

A Traffic Policy allows operators to define rules that allow or block incoming and outgoing traffic based on its port, IP address, or both of these parameters.

Navigation

To access the Traffic Policy card, log into the DNA web interface, and click the Firewall tab, as shown in Figure 1.

Figure 1: Firewall

Once on the Firewall page, click the Traffic Policy link. You will see the Traffic Policy card shown in Figure 2.

Figure 2: Traffic Policy with one new rule

Configuration

Click New Rule to create a new traffic policy rule. Multiple rules can be created. Use the following fields and options to configure your rule:

  • Order: Allows you to attribute a numerical value to the rule. Rules are processed sequentially based on the order value, with the lowest value representing the highest priority (1, 2, 3, etc.). In the example shown in Figure 3, two rules are blocking and allowing the same IP address; the block rule has an order value of 1, and the allow rule has an order value of 2. When the rule is applied to traffic, the block rule will take precedence due to its order value.

Figure 3: Rules blocking and allowing traffic

  • Name: Allows you to enter a name for the rule.
  • Allow: Allows you to specify if incoming/outgoing traffic matching this rule is allowed or blocked.
  • Source IP/Subnet: Allows you to enter the incoming IP address the rule will use. For example, all traffic originating from 8.8.8.8. To apply to a subnet, use CIDR notation (e.g. 192.168.1.0/24). The rule will apply to all source IP addresses if the field is blank.
  • Incoming Port(s): Allows you to enter the incoming port or port range this rule will use. For example, incoming traffic using port 80. The rule will apply to all ports if the field is blank.
  • Protocol: Allows you to define the traffic type the rule applies to. Select TCP, UDP, or Both.
  • Dest IP/Subnet: Allows you to enter the outgoing IP address the rule will use. For example, all traffic traversing to 8.8.8.8. To apply to a subnet, use CIDR notation (e.g. 192.168.1.0/24). The rule will apply to all destination IP addresses if the field is blank.
  • Port(s): Allows you to enter the destination port this rule will use. For example, outgoing traffic using port 80. The rule will apply to all ports if the field is blank.
  • Delete: Pressing the X button will delete the rule.

Click Save Changes to save all modified settings.
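
The Order behaviour described above can be modelled offline to see which rule decides a given packet and to spot rules that a lower-order rule makes ineffective. This is an added example, not Datto code: the first-match model, the port-range syntax (`80` or `8000-8100`), IPv4-only handling, and all function and rule names are assumptions.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:                    # fields mirror the Traffic Policy card
    order: int
    name: str
    allow: bool
    src: str = ""              # Source IP/Subnet, blank = all
    sports: str = ""           # Incoming Port(s), blank = all
    proto: str = "Both"        # TCP, UDP, or Both
    dst: str = ""              # Dest IP/Subnet, blank = all
    dports: str = ""           # Port(s), blank = all

def _norm(r):
    """Expand blank fields to 'all'. Port syntax '80' or '8000-8100' is assumed."""
    def span(f):
        lo, _, hi = (f or "0-65535").partition("-")
        return int(lo), int(hi or lo)
    net = lambda f: ipaddress.ip_network(f or "0.0.0.0/0", strict=False)
    return net(r.src), net(r.dst), span(r.sports), span(r.dports)

def matches(r, proto, src, sport, dst, dport):
    snet, dnet, (slo, shi), (dlo, dhi) = _norm(r)
    return (r.proto in ("Both", proto) and slo <= sport <= shi and dlo <= dport <= dhi
            and ipaddress.ip_address(src) in snet and ipaddress.ip_address(dst) in dnet)

def evaluate(rules, **pkt):
    """Lowest Order value is checked first; the first matching rule decides."""
    for rule in sorted(rules, key=lambda r: r.order):
        if matches(rule, **pkt):
            return ("allow" if rule.allow else "block"), rule.name
    return None, None          # no rule matched; default handling is not modelled

def shadowed(rules):
    """(later, earlier) name pairs where the earlier rule covers all the later one matches."""
    def covers(e, l):
        (es, ed, esp, edp), (ls, ld, lsp, ldp) = _norm(e), _norm(l)
        return (e.proto in ("Both", l.proto) and ls.subnet_of(es) and ld.subnet_of(ed)
                and esp[0] <= lsp[0] <= lsp[1] <= esp[1]
                and edp[0] <= ldp[0] <= ldp[1] <= edp[1])
    ordered = sorted(rules, key=lambda r: r.order)
    return [(l.name, e.name) for i, l in enumerate(ordered) for e in ordered[:i] if covers(e, l)]

# Constructed sample modelled on Figure 3: the same address is blocked, then allowed.
FIGURE3 = [Rule(2, "allow-host", True, src="8.8.8.8"),
           Rule(1, "block-host", False, src="8.8.8.8")]
```

Running `shadowed()` over an exported rule list before saving changes flags allow rules that can never take effect, such as the order-2 rule in the Figure 3 scenario.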

Common Rules

Allowing/Blocking LAN or VLAN traffic

When creating your rule, enter the LAN or VLAN IP range in both the Source and Dest IP fields.

Allowing/Blocking traffic by port

Use Port Forwarding rules to ensure port-defined application traffic is sent to specific machines; conversely, use traffic policy rules to block incoming and outgoing port-defined traffic.

Web Filters

The Web Filters feature requires open access to the IP addresses 18.219.167.83, 13.57.118.138, 13.54.39.168, and 18.130.11.250 over TCP port 53. 
