This article describes how to configure custom Traffic Policies on a DNA.
- Datto Networking Appliance (DNA)
A Traffic Policy allows operators to define rules that allow or block incoming and outgoing traffic based on its port, IP address, or both of these parameters.
Once on the Firewall page, click the Traffic Policy link. You will see the Traffic Policy card shown in Figure 2.
Click New Rule to create a new traffic policy rule. Multiple rules can be created. Use the following fields and options to configure your rule:
- Order: Allows you to attribute a numerical value to the rule. Rules are processed sequentially based on the order value, with the lowest value representing the highest priority (1, 2, 3, etc.). In the example shown in Figure 3, two rules are blocking and allowing the same IP address; the block rule has an order value of 1, and the allow rule has an order value of 2. When the rule is applied to traffic, the block rule will take precedence due to its order value.
- Name: Allows you to a name for the rule.
- Allow: Allows you to specify if incoming/outgoing traffic matching this rule is allowed or blocked.
- Source IP/Subnet: Allows you to enter the incoming IP address the rule will use. For example, all traffic originating from 188.8.131.52. To apply to a subnet, use CIDR notation (i.e. 192.168.1.0/24). The rule will apply to all source IP addresses if the field is blank.
- Incoming Port(s): Allows you to enter the incoming port or port range this rule will use. For example, incoming traffic using port 80. The rule will apply to all ports if the field is blank.
- Protocol: Allows you to define the traffic type the rule applies to. Select TCP, UDP, or Both.
- Dest IP/Subnet: Allows you to enter the outgoing IP address the rule will use. For example, all traffic traversing to 184.108.40.206. To apply to a subnet, use CIDR notation (i.e. 192.168.1.0/24). The rule will apply to all destination IP addresses if the field is blank.
- Port(s): Allows you to enter the destination port this rule will use. For example, outgoing traffic using port 80. The rule will apply to all ports if the field is blank.
- Delete: Pressing the X button will delete the rule.
Click Save Changes to save all modified settings.
Allowing/Blocking LAN or VLAN traffic
When creating your rule, enter the LAN or VLAN IP range in both the Source and Dest IP fields.
Allowing/Blocking traffic by port
Use Port Forwarding rules to ensure port defined application traffic is sent to specific machines; conversely, use traffic policy rules to block incoming and outgoing port defined traffic.
The Web Filters feature requires open access to the IP addresses 220.127.116.11, 18.104.22.168, 22.214.171.124, and 126.96.36.199 over TCP port 53.