    I've a firewall with 4 interfaces:


    The default rule allows traffic to "any". "any" is Internet, DMZ and MGMT. I want to only allow traffic to Internet but not to DMZ, MGMT.

    I've created a "pass rule" with destination If I test the rule, the traffic to internal is possible but traffic to external is impossible.

    I'm very confused. What is wrong? On every other firewall "" defines "all unknown networks" or, in other words, "internet".

    How can I create a rule that only has external addresses as destination?


  • is everything is only to

    For your problem: create an alias containing all your local subnets you don't want to allow access to.
    In the rule use as destination: !alias (NOT the alias)

  • Thank you. I know the solution with alias. I've hoped for a better solution because I've more than 20 subnets behind the LAN interface.

    Is there a better solution?

  • What is not good about the solution with an alias containing all your private subnets?
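To show what the "!alias" answer above actually evaluates, and how the "more than 20 subnets" objection shrinks once adjacent subnets are summarised, here is an added Python example (not from the thread or any firewall product). The subnet list and test destinations are constructed placeholders.

```python
import ipaddress

# Constructed sample of local subnets that must NOT be reachable from the LAN rule
# (stand-ins for the DMZ/MGMT/other internal ranges; not values from the thread).
LOCAL_SUBNETS = [
    "10.0.0.0/24", "10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24",
    "192.168.50.0/24", "172.16.10.0/24",
]


def build_alias(subnets):
    """Build the alias as the fewest covering prefixes.

    Contiguous /24s collapse into one larger prefix, so a long list of
    internal subnets often becomes only a handful of alias entries.
    """
    nets = [ipaddress.ip_network(s, strict=True) for s in subnets]
    return list(ipaddress.collapse_addresses(nets))


def matches_not_alias(destination, alias):
    """Semantics of a rule whose destination is '!alias'.

    The rule matches (traffic passes) only when the destination is in
    NONE of the alias networks, i.e. it is an 'external' address.
    """
    dst = ipaddress.ip_address(destination)
    return not any(dst in net for net in alias)


def check_rule(destinations, alias):
    """Map each destination to whether the '!alias' pass rule would match it."""
    return {d: matches_not_alias(d, alias) for d in destinations}


if __name__ == "__main__":
    alias = build_alias(LOCAL_SUBNETS)
    print("alias entries:", [str(n) for n in alias])
    for dst, passes in check_rule(["8.8.8.8", "10.0.3.7", "192.168.50.1"], alias).items():
        print(f"{dst:>15} -> {'pass (external)' if passes else 'no match (internal)'}")
```

Anything the alias does not cover is treated as external, so a subnet missing from the alias would silently be reachable; verify the collapsed list against the interface configuration before relying on it.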

