Managing Access Rules in Micro Edge

Overview

Access Rules control access to Micro Edge services such as the DHCP server or Web Administration. The default rules that come with Micro Edge allow for access to these services from local networks. In general, it is not necessary to modify these rules and they serve only as a reference.

Notes about Access Rules:

Access Rules have no effect on traffic passing through Micro Edge. For rules to control routed traffic, please refer to Managing Filter Rules in Micro Edge.

Additional rules will be automatically created if you add a WireGuard VPN interface in tunnel mode.

Default Rules

Micro Edge's default rules include allowing remote access to Micro Edge's management UI; determining whether Micro Edge responds to ping; and enabling Micro Edge to act as a DHCP server. 

Accept established

Accept related

Drop invalid

Accept loopback

Rules 1-4 ensure that Micro Edge accepts incoming connections only when the sessions are completely established and valid (i.e., routable).

These rules are necessary for Micro Edge to operate and should always remain at the top of the Access Rules list.

Accept HTTP…

(rules #5 and #6)

Enable access to Micro Edge's management GUI via HTTP/port 80. One rule governs internal traffic and the other external.

If you do not wish to be able to access Micro Edge's GUI via HTTP/port 80 from outside the network, disable "Accept HTTP on WANs".

Accept HTTPS…

(rules #7 and #8)

Enable access to Micro Edge's management GUI via HTTPS/port 443. One rule governs internal traffic and the other external.

If you do not wish to be able to access Micro Edge's GUI via HTTPS/port 443 from outside the network, disable "Accept HTTPS on WANs".

Accept SSH…

(rules #9 and #10)

Enable SSH access to Micro Edge's command line. One rule governs internal traffic and the other external.

"Accept SSH on WANs" can be dangerous and should be enabled with caution.

Accept DNS on LANs

Enables Micro Edge to act as a DNS forwarder. DNS queries sent from internal interfaces will be forwarded to the DNS server(s) configured in the WAN interface(s).

Accept ICMP…

(rules #13 and #14)

Determines whether Micro Edge will respond to ping requests sent directly to it.

One rule governs ICMP. The other governs IPv6-ICMP.

Accept DHCP on LANs

Enables Micro Edge to act as a DHCP server for all internal interfaces. If your network uses an internal DHCP server, you can disable this rule.

Accept DHCPv6 on LANs

Enables Micro Edge to act as an IPv6 DHCP server for all internal interfaces. If your network uses an internal IPv6 DHCP server, you can disable this rule.

Accept DHCPv6 Replies

Enables Micro Edge to accept DHCPv6 responses returned from upstream DHCPv6 servers.

Accept HTTP 8485 threat prevention…

Enables Threat Prevention to serve an HTTP block page or redirect to devices requesting content that is blocked.

Accept HTTPS 8486 threat prevention…

Enables Threat Prevention to serve an HTTPS block page or redirect to devices requesting content that is blocked.

Drop All

Drops any packet that does not match any preceding rule. This blocks access to Micro Edge itself.
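
The following check is an added example, not part of the original article and not Micro Edge's own code. It audits an ordered rule list against the guidance above: rules 1-4 at the top and enabled, nothing enabled after Drop All, and which management rules are open on WANs. The rule names are the ones used in this article; the {"name", "enabled"} layout and the function name audit_access_rules are assumptions made for the example.

```python
# Rule names come from the article; the {"name", "enabled"} layout is an assumed
# representation for this example, not a Micro Edge export format.
BASELINE = {"Accept established", "Accept related", "Drop invalid", "Accept loopback"}
WAN_MGMT = {"Accept HTTP on WANs", "Accept HTTPS on WANs", "Accept SSH on WANs"}


def audit_access_rules(rules):
    """Return findings for an ordered Access Rules list (top of list first)."""
    findings = []
    names = [r["name"] for r in rules]

    # Rules 1-4 are required for operation and must stay at the top, enabled.
    if set(names[:len(BASELINE)]) != BASELINE:
        findings.append("baseline rules 1-4 are not at the top of the list")
    for r in rules:
        if r["name"] in BASELINE and not r["enabled"]:
            findings.append(f"baseline rule disabled: {r['name']}")

    # An enabled Drop All drops whatever no preceding rule matched, so any
    # enabled rule placed after it can never take effect.
    if "Drop All" not in names:
        findings.append("Drop All is missing")
    else:
        pos = names.index("Drop All")
        if not rules[pos]["enabled"]:
            findings.append("Drop All is disabled")
        else:
            for r in rules[pos + 1:]:
                if r["enabled"]:
                    findings.append(f"unreachable rule after Drop All: {r['name']}")

    # Management services (GUI, SSH) accepted from outside the network.
    for r in rules:
        if r["name"] in WAN_MGMT and r["enabled"]:
            findings.append(f"management exposed on WAN: {r['name']}")
    return findings


# Constructed sample list: SSH and HTTPS open on WANs, one rule after Drop All.
SAMPLE = [{"name": n, "enabled": e} for n, e in [
    ("Accept established", True), ("Accept related", True),
    ("Drop invalid", True), ("Accept loopback", True),
    ("Accept HTTP on WANs", False), ("Accept HTTPS on WANs", True),
    ("Accept SSH on WANs", True), ("Accept DNS on LANs", True),
    ("Drop All", True), ("Constructed custom rule", True),
]]

if __name__ == "__main__":
    for finding in audit_access_rules(SAMPLE):
        print(finding)
```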
