The connection part of a firewall rule specifies which data packets the rule applies to. A connection is defined by its source, its destination and the service used. The following can be used to specify the source or destination:
- All stations
- The entire local area network (LAN)
- Certain remote sites (designated by the name in the list of remote sites)
- Certain stations in the LAN (designated by the host name)
- Certain MAC addresses (see the note below)
- Ranges of IP addresses
- Complete IP networks
- DNS destinations for application-based routing

Note: MAC stands for Media Access Control, the addressing used for communication on a LAN. Every network adapter has its own MAC address, which the manufacturer assigns so that it is unique worldwide, similar to a device serial number. Using MAC addresses, individual PCs in the LAN can be specifically granted or denied rights at the IP packet level. Network devices are often labeled with their MAC addresses in hexadecimal notation (for example, 00:A0:57:01:02:03). Bear in mind that a MAC address can be changed in software and is only visible for stations in the directly connected network: packets arriving via a router carry the router's MAC address, not the original sender's, so MAC-based rules are not a substitute for authenticating the station.
Host names can only be used if the device can resolve them to IP addresses. For this, the device must have learned the names via DHCP or NetBIOS, or the assignment must be entered statically in the DNS table or the IP routing table. Because an entry in the IP routing table can map a name to a whole network, a host name used this way can stand for a complete network.
The service is defined by combining an IP protocol with the corresponding source and/or destination ports. For frequently used services (WWW, e-mail, etc.) the necessary combinations are predefined in the device; others can be created as required.
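As an added example (not code from the manual or the device firmware), the following Python model shows how the three parts of a connection combine: a packet matches the rule only when its source selector, its destination selector and its service all match. The local network 192.168.1.0/24, the KNOWN_HOSTS name table, the set of "predefined" services and the sample packets are all constructed assumptions for the illustration; the MAC, remote-site and DNS-destination selectors are left out to keep the model short.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Constructed sample data (assumption): the LAN and the host names the device is
# taken to have learned via DHCP/NetBIOS or static DNS entries.
LAN_NETWORK = ipaddress.ip_network("192.168.1.0/24")
KNOWN_HOSTS: Dict[str, str] = {"fileserver": "192.168.1.50", "pc-01": "192.168.1.20"}


@dataclass(frozen=True)
class Station:
    """Source/destination selector: 'any', the LAN, an IP network, an inclusive IP range or one host."""
    kind: str
    network: Optional[ipaddress.IPv4Network] = None
    ip_range: Optional[Tuple[ipaddress.IPv4Address, ipaddress.IPv4Address]] = None
    host: Optional[ipaddress.IPv4Address] = None

    def matches(self, addr: str) -> bool:
        ip = ipaddress.ip_address(addr)
        if self.kind == "any":
            return True
        if self.kind == "lan":
            return ip in LAN_NETWORK
        if self.kind == "network":
            return ip in self.network
        if self.kind == "range":
            lo, hi = self.ip_range
            return lo <= ip <= hi
        if self.kind == "host":
            return ip == self.host
        raise ValueError(f"unknown selector kind {self.kind!r}")


def any_station() -> Station:
    return Station("any")

def lan() -> Station:
    return Station("lan")

def network(cidr: str) -> Station:
    return Station("network", network=ipaddress.ip_network(cidr))

def ip_range(lo: str, hi: str) -> Station:
    return Station("range", ip_range=(ipaddress.ip_address(lo), ipaddress.ip_address(hi)))

def host(name_or_ip: str) -> Station:
    """One station given by IP address or host name. A name can only be used if it
    resolves; here resolution is the constructed KNOWN_HOSTS table."""
    try:
        return Station("host", host=ipaddress.ip_address(name_or_ip))
    except ValueError:
        pass  # not an IP literal, treat it as a host name
    if name_or_ip not in KNOWN_HOSTS:
        raise LookupError(f"host name {name_or_ip!r} cannot be resolved; rule cannot be built")
    return Station("host", host=ipaddress.ip_address(KNOWN_HOSTS[name_or_ip]))


@dataclass(frozen=True)
class Service:
    """IP protocol plus optional inclusive port ranges; None means any port (e.g. for ICMP)."""
    protocol: str  # "tcp", "udp", "icmp" or "any"
    dst_ports: Optional[Tuple[int, int]] = None
    src_ports: Optional[Tuple[int, int]] = None

    def matches(self, proto: str, sport: Optional[int], dport: Optional[int]) -> bool:
        if self.protocol != "any" and self.protocol != proto:
            return False
        for wanted, actual in ((self.dst_ports, dport), (self.src_ports, sport)):
            if wanted is not None and (actual is None or not wanted[0] <= actual <= wanted[1]):
                return False
        return True


# Constructed stand-ins for the device's predefined services (assumption).
PREDEFINED_SERVICES = {
    "WWW": Service("tcp", dst_ports=(80, 80)),
    "HTTPS": Service("tcp", dst_ports=(443, 443)),
    "SMTP": Service("tcp", dst_ports=(25, 25)),
    "DNS": Service("udp", dst_ports=(53, 53)),
    "PING": Service("icmp"),
    "ANY": Service("any"),
}


@dataclass(frozen=True)
class Connection:
    """The connection part of a rule: source AND destination AND service must all match."""
    source: Station
    destination: Station
    service: Service

    def matches(self, pkt: dict) -> bool:
        return (self.source.matches(pkt["src"])
                and self.destination.matches(pkt["dst"])
                and self.service.matches(pkt["proto"], pkt.get("sport"), pkt.get("dport")))


def lan_to_www(pkt: dict) -> bool:
    """Rule 'entire LAN -> all stations, service WWW' applied to one packet."""
    return Connection(lan(), any_station(), PREDEFINED_SERVICES["WWW"]).matches(pkt)


def demo() -> Dict[str, bool]:
    # Constructed packets, not captured traffic.
    pkts = {
        "lan_http":     {"src": "192.168.1.20", "dst": "203.0.113.10", "proto": "tcp", "sport": 51000, "dport": 80},
        "lan_alt_port": {"src": "192.168.1.20", "dst": "203.0.113.10", "proto": "tcp", "sport": 51001, "dport": 8080},
        "foreign_http": {"src": "10.0.0.5", "dst": "203.0.113.10", "proto": "tcp", "sport": 51002, "dport": 80},
        "lan_udp_80":   {"src": "192.168.1.20", "dst": "203.0.113.10", "proto": "udp", "sport": 51003, "dport": 80},
    }
    return {name: lan_to_www(p) for name, p in pkts.items()}
```

Only the first sample packet matches: the second fails on the destination port, the third on the source (not in the LAN), the fourth on the protocol. Building a rule for an unknown host name raises immediately, which mirrors the requirement that names must be resolvable before they can be used in a rule.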