Datto Networking Appliance (DNA): Traffic Policy

Follow

Topic

This article describes how to configure custom Traffic Policies on a DNA.

Environment

  • Datto Networking Appliance (DNA)

Description

A Traffic Policy allows operators to define rules that allow or block incoming and outgoing traffic based on its port, IP address, or both of these parameters.

Navigation

To access the Traffic Policy card, log into the DNA web interface, and click the Firewall tab.

mceclip1.pngFigure 1: Firewall (click to enlarge)

Once on the Firewall page, click the Traffic Policy link.

Configuration

Click New Rule to create a new traffic policy rule. Multiple rules can be created. Use the following fields and options to configure your rule:

  • Order: Allows you to attribute a numerical value to the rule. Rules are processed sequentially based on the order value, with the lowest value representing the highest priority (1, 2, 3, etc.). In the example shown in Figure 3, two rules are blocking and allowing the same IP address; the block rule has an order value of 1, and the allow rule has an order value of 2. When the rule is applied to traffic, the block rule will take precedence due to its order value.

Figure 2: Rules blocking and allowing traffic (click to enlarge)

  • Name: In this field, you can specify a name for the rule.
  • Allow: This menu lets you specify whether your DNA should allow or block incoming or outgoing traffic.
  • Source IP/Subnet: Enter the incoming IP address the rule will use. For example, you may apply the rule to all traffic originating from 8.8.8.8. To apply to a subnet, use CIDR notation (i.e. 192.168.1.0/24). The rule will apply to all source IP addresses if the field is blank.
  • Incoming Port(s): Enter the incoming port or port range this rule will use. For example, incoming traffic using port 80. The rule will apply to all ports if the field is blank.
  • Protocol: This menu lets you define the traffic type the rule applies to. You can select from the following options:
    • TCP
    • UDP
    • TCP & UDP
    • ICMP
    • UDB-Lite
    • ESP
    • AH
    • SCTP
    • OSPF
    • All
    • Other (enter a protocol number between 0 and 255)
  • Dest IP/Subnet: Enter the outgoing IP address the rule will use. For example, all traffic traversing to 8.8.8.8. To apply to a subnet, use CIDR notation (i.e. 192.168.1.0/24). The rule will apply to all destination IP addresses if the field is blank.
  • Port(s): Enter the destination port for the rule. For example, outgoing traffic using port 80. The rule will apply to all ports if the field is blank.
  • Delete: Press the X button to delete the rule.

Click Save Changes to save all modified settings.

mceclip2.pngFigure 3: Traffic Policy with one new rule (click to enlarge)

Common Rules

Allowing/Blocking LAN or VLAN traffic

When creating your rule, enter the LAN or VLAN IP range in both the Source and Dest IP fields.

Allowing/Blocking traffic by port

Use Port Forwarding rules to ensure that your DNA sends port-defined application traffic to specific machines.

Web Filters

The Web Filters feature requires open access to the IP addresses:

  • 18.219.167.83
  • 13.57.118.138
  • 13.54.39.168
  • 18.130.11.250 over TCP port 53

Additional Resources


Was this article helpful?

0 out of 0 found this helpful

You must sign in before voting on this article.

Want to talk about it? Have a feature request?

Head on over to our Datto Community Forum or the Datto Community Online.

For more Business Management resources, see the Datto RMM Online Help and the Autotask PSA Online Help .

Still have questions? Get live help.

Datto Homepage