This article describes how to configure custom Traffic Policies on a DNA.
- Datto Networking Appliance (DNA)
A Traffic Policy allows operators to define rules that allow or block incoming and outgoing traffic based on its port, IP address, or both of these parameters.
Once on the Firewall page, click the Traffic Policy link.
Click New Rule to create a new traffic policy rule. Multiple rules can be created. Use the following fields and options to configure your rule:
- Order: Allows you to attribute a numerical value to the rule. Rules are processed sequentially based on the order value, with the lowest value representing the highest priority (1, 2, 3, etc.). In the example shown in Figure 3, two rules are blocking and allowing the same IP address; the block rule has an order value of 1, and the allow rule has an order value of 2. When the rule is applied to traffic, the block rule will take precedence due to its order value.
- Name: In this field, you can specify a name for the rule.
- Allow: This menu lets you specify whether your DNA should allow or block incoming or outgoing traffic.
- Source IP/Subnet: Enter the incoming IP address the rule will use. For example, you may apply the rule to all traffic originating from 22.214.171.124. To apply the rule to a subnet, use CIDR notation (e.g. 192.168.1.0/24). The rule will apply to all source IP addresses if the field is blank.
- Incoming Port(s): Enter the incoming port or port range this rule will use. For example, incoming traffic using port 80. The rule will apply to all ports if the field is blank.
- Protocol: This menu lets you define the traffic type the rule applies to. You can select from the following options:
  - TCP & UDP
  - Other (enter a protocol number between 0 and 255)
- Dest IP/Subnet: Enter the outgoing IP address the rule will use. For example, all traffic traversing to 126.96.36.199. To apply the rule to a subnet, use CIDR notation (e.g. 192.168.1.0/24). The rule will apply to all destination IP addresses if the field is blank.
- Port(s): Enter the destination port for the rule. For example, outgoing traffic using port 80. The rule will apply to all ports if the field is blank.
- Delete: Press the X button to delete the rule.
Click Save Changes to save all modified settings.
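The precedence behaviour described under Order can be checked before saving a rule set. The following is an added example, not Datto's code or part of the original article: it models rules by source, destination and destination port only (IPv4, protocol and incoming port omitted), evaluates them lowest order first, and reports rules that can never take effect because an earlier rule already covers the same traffic. The `Rule` class, its field names, the helper functions and the sample policy are all hypothetical.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:  # hypothetical model of one Traffic Policy row
    order: int
    name: str
    allow: bool
    src: str = ""     # blank = all source addresses
    dst: str = ""     # blank = all destination addresses
    dports: str = ""  # "80", "8000-8100", or blank = all ports

def _net(field):
    # Blank field matches everything (IPv4 only in this sketch).
    return ipaddress.ip_network(field or "0.0.0.0/0", strict=False)

def _ports(field):
    lo, _, hi = (field or "0-65535").partition("-")
    return (int(lo), int(hi or lo))

def covers(earlier, later):
    """True if every packet matching `later` also matches `earlier`."""
    e_lo, e_hi = _ports(earlier.dports)
    l_lo, l_hi = _ports(later.dports)
    return (_net(later.src).subnet_of(_net(earlier.src))
            and _net(later.dst).subnet_of(_net(earlier.dst))
            and e_lo <= l_lo and l_hi <= e_hi)

def decide(rules, src, dst, dport):
    """First matching rule in ascending order wins; None if nothing matches."""
    for r in sorted(rules, key=lambda r: r.order):
        lo, hi = _ports(r.dports)
        if (ipaddress.ip_address(src) in _net(r.src)
                and ipaddress.ip_address(dst) in _net(r.dst)
                and lo <= dport <= hi):
            return r
    return None

def shadowed(rules):
    """Pairs (later, earlier) where `later` can never take effect."""
    ordered = sorted(rules, key=lambda r: r.order)
    return [(b.name, a.name) for i, b in enumerate(ordered)
            for a in ordered[:i] if covers(a, b)]

# Constructed sample policy using documentation address ranges.
POLICY = [
    Rule(1, "block-host", allow=False, src="203.0.113.7"),
    Rule(2, "allow-host", allow=True, src="203.0.113.7"),
    Rule(3, "allow-web", allow=True, src="192.168.1.0/24", dports="80"),
]
```

Calling `shadowed(POLICY)` flags `allow-host` as unreachable behind `block-host`, which is the same situation as the two rules for one IP address described under Order.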
Allowing/Blocking LAN or VLAN traffic
When creating your rule, enter the LAN or VLAN IP range in both the Source and Dest IP fields.
Allowing/Blocking traffic by port
Use Port Forwarding rules to ensure that your DNA sends port-defined application traffic to specific machines.
The Web Filters feature requires open access to the following IP addresses:
- 188.8.131.52 over TCP port 53