User manual
Firewall
137
• Input means filter packets destined for this unit. You can only select the incoming
interface.
• Output means filter packets generated by this unit. You can only select the
outgoing interface.
The Incoming Interface is the interface/network port that the SG unit received the
network traffic on. Set this to None to match traffic destined for the SG unit itself.
The Outgoing Interface is the interface/network port that the SG unit routes the network
traffic out. Set this to None to match traffic originating from the SG unit itself.
The Source Address is the address that the traffic is arriving from.
The Destination Address is the address that the traffic destined to.
Warning
The previous four fields may be set to Any. Any does not match traffic sent or received
by the SG unit itself, only traffic passing through it.
The four fields above may also be set to None or Any. None matches requests
originating from the Cyber
None matches network traffic that is destined for the SG unit itself. This is useful for
controlling access to services provided by the SG unit, such as the web management
console.
Note
When adding a rule, you may either use Predefined addresses or services that have
been added under Definitions, or click New to manually enter an address or service.
The Log option controls whether to log the first packet of the connection to the SG unit’s
system log. You may enter a Log Prefix to make it easier to identify which rules are
being matched when inspecting the system log.