Visible NAT Implicit Rules

Zyxel_Richard Posts: 254  Zyxel Employee
edited May 17 in Networking

In Nebula 18.00, we’ve introduced a small but significant enhancement to the firewall's security policy management by making NAT implicit rules visible. This update improves transparency and helps users understand the automatic configurations applied to their network security.

Overview of Implicit Rules

What Are Implicit Rules?

Implicit rules are predefined by the system to allow traffic between certain network zones without requiring manual rule creation. For instance:

  • LAN1 to LAN2: Automatically allowed
  • VLAN 20 to WAN: Automatically allowed

These rules ensure that basic network connectivity is maintained without requiring users to manually configure every policy.

Enhancements to NAT Rules Visibility

Background

Previously, when users created NAT rules on their on-premises firewall, they had to manually update the security policy to allow traffic matching the NAT rule. In Nebula Control Center (NCC), however, this was done automatically in the background, which sometimes confused users who were unaware of these implicit rule configurations.

New Feature: Visible NAT Rules

With Nebula 18.0, we have made these NAT rules visible in the security policy to provide clarity and transparency.

How It Works

  1. Creating NAT Rules: When you create a virtual server profile or a one-to-one NAT profile in NCC, the system automatically generates the corresponding security policy rule.
  2. Visible in Security Policy: These automatically generated NAT rules are now visible in the implicit security policy section.

Order of Rules

The order of the implicit rules in the security policy is as follows:

  1. One-to-One NAT Rules: These are placed at the top of the list.
  2. Virtual Server Rules: These follow the one-to-one NAT rules.
  3. Other Policies: Policies such as LAN or guest access policies come after the NAT rules.

Benefits

  • Improved Transparency: Users can now see the automatically generated rules, providing better insight into their network’s security configuration.
  • Ease of Management: By making these rules visible, users can more easily manage and troubleshoot their network policies.

Steps to View Implicit NAT Rules

  1. Navigate to Security Policy: Access the security policy section in your NCC dashboard.
  2. Locate Implicit Rules: Find the implicit rules section where you will now see the automatically generated NAT rules.
  3. Review Rule Order: Observe the order of the rules, with one-to-one NAT rules at the top, followed by virtual server rules, and then other policies.

Conclusion

The enhancement to make NAT implicit rules visible in Nebula 18.0 is designed to improve user experience by providing greater transparency and control over firewall configurations. By understanding these automatic rules, users can better manage their network security and ensure their configurations align with their security policies.
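
The review in step 3 of "Steps to View Implicit NAT Rules" can be run against a list built from your own NAT profiles. The Python below is an added example, not Zyxel code and not an NCC API: the record fields, names and addresses are constructed, and the observed list is assumed to be transcribed by hand from the implicit rules section.

```python
from dataclasses import dataclass

# Section order stated in the post: one-to-one NAT, virtual server, then other policies.
KIND_ORDER = {"one_to_one_nat": 0, "virtual_server": 1, "other": 2}

@dataclass(frozen=True)
class ImplicitRule:
    kind: str         # a key of KIND_ORDER
    name: str         # your own label for the profile or policy (hypothetical field)
    destination: str  # what the rule lets traffic reach (hypothetical field)

def expected_implicit_rules(nat_profiles, other_policies):
    """Implicit rules you expect, grouped in the order the post describes."""
    rules = [ImplicitRule(p["kind"], p["name"], p["internal_ip"]) for p in nat_profiles]
    rules += [ImplicitRule("other", o["name"], o["destination"]) for o in other_policies]
    # sorted() is stable: order inside each kind is left as given, since the
    # post does not say how rules of the same kind are ordered.
    return sorted(rules, key=lambda r: KIND_ORDER[r.kind])

def review(expected, observed):
    """Compare the expected rules with those transcribed from the dashboard."""
    findings = [("unexpected", r.name) for r in observed if r not in set(expected)]
    findings += [("missing", r.name) for r in expected if r not in set(observed)]
    ranks = [KIND_ORDER[r.kind] for r in observed]
    if ranks != sorted(ranks):
        findings.append(("order", "kinds are not in the documented order"))
    return findings

# Constructed sample data (private addresses only).
NAT_PROFILES = [
    {"kind": "virtual_server", "name": "web-443", "internal_ip": "192.168.10.20"},
    {"kind": "one_to_one_nat", "name": "mail-1to1", "internal_ip": "192.168.10.25"},
]
OTHER_POLICIES = [{"name": "LAN1 to LAN2", "destination": "LAN2"}]

# Constructed transcription of the implicit rules section; it contains a
# virtual server rule that is not in the team's own records.
OBSERVED = [
    ImplicitRule("one_to_one_nat", "mail-1to1", "192.168.10.25"),
    ImplicitRule("virtual_server", "web-443", "192.168.10.20"),
    ImplicitRule("virtual_server", "legacy-nvr", "192.168.10.77"),
    ImplicitRule("other", "LAN1 to LAN2", "LAN2"),
]

if __name__ == "__main__":
    for rule in expected_implicit_rules(NAT_PROFILES, OTHER_POLICIES):
        print(rule.kind, rule.name, rule.destination)
    print(review(expected_implicit_rules(NAT_PROFILES, OTHER_POLICIES), OBSERVED))
```

An "unexpected" finding points at a NAT profile that still generates an allow rule but is missing from your records, which is the case the new visibility is meant to surface.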
