How are firewall rules prioritized for QuWAN vRouters in QuWAN Orchestrator?
Last modified date:
2024-07-10
Applicable Products
- QuWAN Orchestrator
- QuWAN vRouter
Details
The order in which firewall rules are evaluated on a vRouter deployed within a QuWAN segment determines which rule takes precedence. This priority depends on the source of the traffic the rule applies to.
LAN Source Traffic
Firewall Priority
- Custom rules: These are user-defined rules with the highest priority.
On your QuWAN device, you can manage custom firewall rules by navigating to the Firewall section. To create a new rule, click Add. To modify an existing rule, locate the rule in the list and click the edit icon under the Action column.
- Device segment rules: These are pre-defined rules applied to all traffic within the device segment (where the QuWAN vRouter resides).
To manage device segment settings, go to the QuWAN Device Settings page of your chosen QuWAN device and navigate to the dedicated Segment Settings section.
- LAN segment rules: These are pre-defined rules specific to LAN traffic. LAN segment settings are configured within individual LAN port settings.
On your QuWAN device, access the QuWAN Device Settings page, locate the desired LAN port, click the edit icon under the Action column, choose the appropriate segment from the dropdown menu, and save the changes.
VPN Source Traffic
Firewall Priority
- Custom rules: Similar to LAN, custom rules have the highest priority.
- Device segment rules: These still apply to VPN traffic.
- QuWAN QBelt VPN user rules: These are pre-defined rules specifically for traffic originating from QuWAN QBelt VPN clients or users.
In QuWAN Orchestrator, assign segment access to QuWAN QBelt VPN users under VPN Server Settings > Privilege Settings. You can either define the segment during new user creation or edit existing users and choose the segment.
Further Reading
For details on segment and firewall configuration, see the QuWAN and QuWAN Orchestrator Web Help.