This article describes how to configure custom traffic policies on a Datto DNA.
- Datto Networking Appliance (DNA)
A traffic policy enables operators to define rules that allow or block incoming and outgoing traffic based on its port, IP address, or both of these parameters
Click New Rule to create a new traffic policy rule. You can create multiple rules. Use the following fields and options to configure your rule:
- Order: This field lets you attribute a numerical priority to the rule. Rules are processed sequentially, with the lowest value representing the highest priority (1, 2, 3, etc.). In the example shown in Figure 2, two rules are blocking and allowing the same IP address. When applied to traffic, the block rule will take precedence due to its order value.
- Name: In this field, you can specify a name for the rule.
- Allow: This menu lets you specify whether your DNA should allow or block incoming or outgoing traffic.
- Source IP/Subnet: Enter the incoming IP address the rule will use. For example, you may apply the rule to all traffic originating from 126.96.36.199. To apply to a subnet, use CIDR notation (i.e. 192.168.1.0/24). If you leave this field blank, the rule will apply to all source IP addresses.
- Source Port(s): Enter the incoming port or port range this rule will use. For example, incoming traffic uses port 80. If you leave this field blank, the rule will apply to all ports.
- Protocol: This menu lets you define the traffic type to which the rule applies. You can select from the following options:
- TCP & UDP
- Other (enter a protocol number between 0 and 255)
- Refer to the IANA Assigned Internet Protocol Numbers for further information
- Dest IP/Subnet: Enter the outgoing IP address the rule will use. For example, all traffic traversing to 188.8.131.52. To apply to a subnet, use CIDR notation (i.e. 192.168.1.0/24). If you leave this field blank, the rule will apply to all destination IP addresses.
- Dest Port(s): Enter the destination port for the rule. For example, outgoing traffic using port 80. If you leave this field blank, the rule will apply to all ports.
- Delete: Press the X button to delete the rule.
Click Save Changes to save all modified settings.
Allowing and Blocking LAN or VLAN traffic
When creating your rule, enter the LAN or VLAN IP range in both the Source IP and Dest IP fields.
Allowing and Blocking traffic by port
Use Port Forwarding rules to ensure that your DNA sends port-defined application traffic to specific machines.
The Web Filters feature requires open access to the IP addresses:
- 184.108.40.206 over TCP port 53