What is the name for Zone-Based Policy Configuration in pfSense?
-
Zone / trust level numeric assignment process?
When I have one firewall and 5 different zones, I want to assign values to each net/zone rather than writing a ton of rules. For example, R&D hosts are in 5 subnets or VLANs so I assign them a value of 100, Accounting is in two VLANs and their value is 50, and the internet is untrusted so it is assigned a value of 0. I can flow traffic from higher trust to lower but not the reverse. This would be fine, but then tomorrow someone says we have a new department and the level of trust is between R&D and acct, so I assign a value of 75.
I want the rules previously set up to continue to work, and I now want the new department to flow only to lower levels of trust but not higher. The other big vendor calls this "Zone-Based Policy Configuration Model". Does pfSense have this feature? What is it called, and can someone point me to the configuration options?
Thanks in advance.
-
Those concepts do not exist in pfSense.
You can sort of make "zones" with interface groups to apply rules to several interfaces at once, but not effectively in most cases.
-
@jimp Hello
Just a quick question: Is the OpenVPN interface acting like a group interface if you have multiple VPN connections :) ?
-
@xlameee said in What is the name for Zone-Based Policy Configuration in pfSense?:
> @jimp Hello
> Just a quick question: Is the OpenVPN interface acting like a group interface if you have multiple VPN connections :) ?

Yes. The OpenVPN tab is a group tab that covers all OpenVPN interfaces. It is checked before the per-interface rule tabs are checked. See https://www.netgate.com/docs/pfsense/firewall/firewall-rule-processing-order.html for more info.
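
The trust-level model described in the first post, sketched as an added example; it is not code from the thread and not a pfSense feature, since the answer above is that pfSense has no such concept. The subnets, the zone name `newdept`, and the choice to keep equal-level zones isolated from each other are assumptions.

```python
import ipaddress

# Constructed sample data: trust values (100, 50, 0) come from the post;
# the subnets are made-up RFC 1918 ranges.
ZONES = {
    "rnd":        (100, [f"10.10.{i}.0/24" for i in range(1, 6)]),
    "accounting": (50,  ["10.20.1.0/24", "10.20.2.0/24"]),
}
INTERNET = ("internet", 0)  # any address outside a listed subnet is untrusted


def build_index(zones):
    """Flatten zones into (network, zone, level), most specific prefix first."""
    index = [(ipaddress.ip_network(cidr), name, level)
             for name, (level, cidrs) in zones.items() for cidr in cidrs]
    return sorted(index, key=lambda e: e[0].prefixlen, reverse=True)


def classify(index, addr):
    """Return (zone, level) for an address using longest-prefix match."""
    ip = ipaddress.ip_address(addr)
    for net, name, level in index:
        if ip.version == net.version and ip in net:
            return name, level
    return INTERNET


def allowed(index, src, dst):
    """Decide whether src may open a connection to dst.

    Allowed inside one zone, or from higher trust to strictly lower trust.
    Assumption: two different zones with the same level stay isolated.
    """
    s_zone, s_level = classify(index, src)
    d_zone, d_level = classify(index, dst)
    return s_zone == d_zone or s_level > d_level


def with_zone(zones, name, level, cidrs):
    """Return a copy of the zone table with one more zone; no rule is edited."""
    return {**zones, name: (level, cidrs)}


if __name__ == "__main__":
    before = build_index(ZONES)
    after = build_index(with_zone(ZONES, "newdept", 75, ["10.30.0.0/24"]))
    for src, dst in [("10.10.1.5", "10.20.1.9"), ("10.20.1.9", "10.10.1.5"),
                     ("10.30.0.5", "10.20.1.9"), ("10.30.0.5", "10.10.1.5")]:
        print(src, "->", dst, allowed(before, src, dst), allowed(after, src, dst))
```

The decision covers who may initiate a connection; on a stateful firewall the return traffic of an allowed connection is passed by the state entry, not by a reverse rule.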