Knowledgebase: Vigor2860
How to configure firewall filter rules to allow VPN if default rule is set to block all traffic.
Posted by Paul Ang on 02 May 2018 04:00 PM

 

 

By default, the DrayTek firewall filter rule is set to allow all traffic except NetBIOS. In this scenario, we change the firewall filter default rule to block all traffic.

 

Step 1:  Configure Main office Firewall to Block all Traffic.

             1. Go to Firewall>>General Setup.

        

                 a. Select “Default Rule” tab.

                 b. Select “Block” under Action/Profile.

                 c. Click “OK” to save your settings.

 

Step 2:  Configure Main Office Firewall to allow VPN traffic going to Remote Office.

             1. Go to Firewall>>Filter Setup and select the 2nd set.

                 

                 a. Select the 2nd rule to create a filter to pass VPN traffic going to the Remote office.

                 b. Select “Check to enable the Filter Rule” and enter comments, e.g. Main to Remote.

                 c. Select “LAN/DMZ/RT/VPN->LAN/DMZ/RT/VPN” under Direction.

                 d. Select “Any” for the source IP address.

                 e. Select edit to specify the subnet of Remote office (192.168.1.1 255.255.255.0).

                 f. Select “Pass immediately” under Filter Action/Profile.

                 g. Click “OK” to save your filter settings.

Step 3:  Configure Main Office Firewall to allow inbound VPN traffic from Remote Office.

             1. Go to Firewall>>Filter Setup and select the 3rd set.

                 a. Select the 3rd rule to create a filter to pass inbound VPN traffic from Remote office.

                 b. Select “Check to enable the Filter Rule” and enter comments, e.g. Remote to Main.

                 c. Select “LAN/DMZ/RT/VPN->LAN/DMZ/RT/VPN” under Direction.

                 d. Select “Any” for the source IP address.

                 e. Select edit to specify the subnet of Remote office (10.0.0.1 255.255.255.0).

                 f. Select “Pass immediately” under Filter Action/Profile.

                 g. Click “OK” to save your settings.

Step 4:  Testing

             1. Ping PC2 from PC1.

             2. Ping PC1 from PC2.
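
The rule set built in Steps 1 to 3 can be checked offline alongside the ping tests. The following is an added example, not DrayTek code and not part of the original article: a simplified Python model that assumes a matching “Pass immediately” rule ends evaluation and that unmatched traffic falls to the Default Rule. The sample host addresses are constructed.

```python
# Added example: simplified model of the filter configuration in Steps 1-3.
# Assumption: a matching "Pass immediately" rule ends evaluation; anything
# unmatched falls through to the Default Rule (Block).
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INTERNAL = "LAN/DMZ/RT/VPN->LAN/DMZ/RT/VPN"
ANY = ip_network("0.0.0.0/0")  # source "Any" in the rule editor

@dataclass(frozen=True)
class Rule:
    comment: str
    direction: str
    src: object
    dst: object

def subnet(addr, mask):
    # The article enters a host address plus mask; strict=False normalises
    # "192.168.1.1 255.255.255.0" to the network 192.168.1.0/24.
    return ip_network(f"{addr}/{mask}", strict=False)

RULES = [
    Rule("Main to Remote", INTERNAL, ANY, subnet("192.168.1.1", "255.255.255.0")),
    Rule("Remote to Main", INTERNAL, ANY, subnet("10.0.0.1", "255.255.255.0")),
]
DEFAULT_ACTION = "Block"  # Step 1

def evaluate(direction, src, dst, rules=RULES):
    """Return (action, comment of the deciding rule) for one packet."""
    for rule in rules:
        if (rule.direction == direction
                and ip_address(src) in rule.src
                and ip_address(dst) in rule.dst):
            return "Pass", rule.comment
    return DEFAULT_ACTION, "Default Rule"

if __name__ == "__main__":
    # Constructed sample packets; the host addresses are hypothetical.
    samples = [
        (INTERNAL, "10.0.0.10", "192.168.1.20"),  # matches "Main to Remote"
        (INTERNAL, "192.168.1.20", "10.0.0.10"),  # matches "Remote to Main"
        (INTERNAL, "172.16.5.9", "10.0.0.10"),    # source "Any": still passes
        (INTERNAL, "10.0.0.10", "10.0.1.5"),      # no rule: Default Rule blocks
    ]
    for pkt in samples:
        print(pkt, "->", evaluate(*pkt))
```

The third sample shows that with the source set to “Any”, each rule filters on destination only, so any source reaching that direction is passed to the listed subnet.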
