Need of Same Zone Firewall Rule

Applicable to: version 9.5.3 build 14 onwards

A same zone firewall rule is required when internal users must reach servers hosted on the same internal network through the server's public address. 

It is also popularly known as a "Loopback" (hairpin NAT) firewall rule. 

Commonly, a virtual host is created to map the services of the public IP address to the services of the internally hosted server.   

Cyberoam automatically creates a same zone firewall rule for the zone of the virtual host's mapped IP address. For example, if the virtual host maps to an IP address in the LAN zone, a LAN-to-LAN firewall rule is created. The rule is created only for the service specified in the virtual host.  

Let us consider a hypothetical network where a web server is hosted in the internal network and serves the website www.sample.com. The public IP address used to reach the site is 61.19.10.15.

To allow access to this website from the external world, you need to create

  1. a virtual host which maps the public IP address (61.19.10.15) to the actual web server (10.10.10.5)
  2. a WAN-to-LAN firewall rule

while the LAN-to-LAN firewall rule is created automatically by Cyberoam.

Now, when an internal user (10.10.10.17) tries to access www.sample.com, the request is sent to the public IP address 61.19.10.15, which is not on the local subnet, so it is routed through Cyberoam, and the virtual host translates the destination to the actual web server, 10.10.10.5. Without a same zone rule, however, Cyberoam does not translate the source address of this request: the web server sees the request as coming from 10.10.10.17, which is on its own subnet, and sends the reply directly to the internal user without passing through Cyberoam.

In this case the SYN packet is routed through Cyberoam but the SYN/ACK packet is not. Cyberoam never sees the reply, so it cannot reverse the translation; the user receives a SYN/ACK from 10.10.10.5 instead of from the address it connected to (61.19.10.15), the three-way handshake remains incomplete and the user cannot access the site.

To overcome this problem, the LAN-to-LAN firewall rule is required. Besides allowing the traffic, this rule forwards the request to the web server with Cyberoam's internal (LAN) IP address as the source, so the web server sends its reply back to Cyberoam, which reverses both translations and delivers the reply to the user.

In certain deployments, such as when access to an internally hosted server is to be provided to internal users only and no external (WAN-to-LAN) access is configured, the same zone firewall rule must be created manually.
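The asymmetric-routing failure described above, and the effect of the same zone rule, can be traced with a small model of the packet flow. This is an added illustration, not Cyberoam code: it simulates a stateful gateway with a virtual host (destination NAT) and an optional same-zone source NAT. The addresses 61.19.10.15, 10.10.10.5 and 10.10.10.17 are from the article; the appliance's LAN address 10.10.10.1, the client port 40000 and the function names are assumptions made for the example.

```python
"""Constructed model of the hairpin ("loopback") flow: a web client on the LAN
dials the public IP of a server on the same LAN. Not Cyberoam code."""
from dataclasses import dataclass, replace
from typing import Dict, Optional, Tuple
import ipaddress

LAN = ipaddress.ip_network("10.10.10.0/24")
GATEWAY_LAN_IP = "10.10.10.1"   # assumed LAN address of the appliance
PUBLIC_IP = "61.19.10.15"       # public IP of www.sample.com (from the article)
WEB_SERVER = "10.10.10.5"       # internal web server (from the article)
CLIENT = "10.10.10.17"          # internal user (from the article)


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # "SYN" or "SYN/ACK"


def in_lan(ip: str) -> bool:
    return ipaddress.ip_address(ip) in LAN


class Gateway:
    """Stateful firewall: virtual-host DNAT plus optional same-zone SNAT."""

    def __init__(self, same_zone_snat: bool):
        self.same_zone_snat = same_zone_snat
        self.virtual_hosts = {(PUBLIC_IP, 80): (WEB_SERVER, 80)}
        # conntrack: translated forward 5-tuple -> original (src, sport, dst, dport)
        self.state: Dict[Tuple[str, int, str, int], Tuple[str, int, str, int]] = {}

    def forward(self, pkt: Packet) -> Optional[Packet]:
        """Apply the virtual host to an inbound request and record the connection."""
        mapped = self.virtual_hosts.get((pkt.dst, pkt.dport))
        if mapped is None:
            return None  # not a virtual-host destination; outside this model
        out = replace(pkt, dst=mapped[0], dport=mapped[1])  # DNAT to the real server
        if self.same_zone_snat and in_lan(pkt.src) and in_lan(mapped[0]):
            # Same zone rule: make the server reply to the appliance, not the client
            out = replace(out, src=GATEWAY_LAN_IP)
        self.state[(out.src, out.sport, out.dst, out.dport)] = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        return out

    def reverse(self, pkt: Packet) -> Optional[Packet]:
        """Undo both translations on a reply; drop it if no connection matches."""
        orig = self.state.get((pkt.dst, pkt.dport, pkt.src, pkt.sport))
        if orig is None:
            return None
        csrc, csport, cdst, cdport = orig
        return replace(pkt, src=cdst, sport=cdport, dst=csrc, dport=csport)


def server_reply(req: Packet) -> Packet:
    """The web server answers the SYN with a SYN/ACK to whatever source it saw."""
    return Packet(req.dst, req.dport, req.src, req.sport, "SYN/ACK")


def deliver_reply(pkt: Packet, gw: Gateway) -> Tuple[bool, Optional[Packet]]:
    """LAN delivery: a same-subnet host is reached directly; the gateway is only
    involved when the reply is addressed to it. Returns (via_gateway, packet)."""
    if pkt.dst != GATEWAY_LAN_IP and in_lan(pkt.dst):
        return False, pkt  # server talks to the client directly; gateway never sees it
    return True, gw.reverse(pkt)


def handshake(same_zone_rule: bool) -> dict:
    """Simulate SYN -> SYN/ACK for the internal user and report what happened."""
    gw = Gateway(same_zone_snat=same_zone_rule)
    syn = Packet(CLIENT, 40000, PUBLIC_IP, 80, "SYN")
    # The client's half-open socket is identified by the peer it dialled.
    expected_peer = (syn.dst, syn.dport, syn.sport)
    forwarded = gw.forward(syn)       # 61.19.10.15 is off-subnet, so the SYN goes via the gateway
    via_gateway, reply = deliver_reply(server_reply(forwarded), gw)
    seen_from = None if reply is None else reply.src
    ok = reply is not None and (reply.src, reply.sport, reply.dport) == expected_peer
    return {"reply_via_gateway": via_gateway, "syn_ack_from": seen_from, "handshake_ok": ok}


if __name__ == "__main__":
    print("without same zone rule:", handshake(False))
    print("with same zone rule:   ", handshake(True))
```

Without the rule the SYN/ACK arrives at the client from 10.10.10.5, not from the 61.19.10.15 it connected to, so the handshake fails; with the rule the reply is addressed to the appliance, both translations are reversed and the client sees a reply from 61.19.10.15. The same trace applies to any hairpin NAT setup (iptables DNAT without a matching SNAT/MASQUERADE, for instance), not only to Cyberoam.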
Article ID: 1161