Description:

In some scenarios, the communication with certain websites or web servers requires the definition of specific rules. It is easier to store the DNS name of a website rather than its IP address(es). This can be implemented on a LANCOM R&S®Unified Firewall by means of a host (for individual websites) or host/network group (for a collection of websites).

This article describes how to set up DNS-based rules on a LANCOM R&S®Unified Firewall.

Requirements:

  • LCOS FX as of version 10.12
  • Previously configured and functional local networks including Internet connection
  • The Unified Firewall must be configured in the network as a DNS server or DNS forwarder
  • Web browser for configuring the Unified Firewall

    The following browsers are supported:
    • Google Chrome
    • Chromium
    • Mozilla Firefox

Procedure:

1) Store DNS names of websites in a host object or group object:

If individual firewall rules are to be created for the communication with certain websites, it makes sense to store these in individual host objects (see step 1.1).

If several websites are to be assigned the same firewall rules for communication, it is useful to collect them into a host/network group (see step 1.2).

1.1) Store DNS names of websites in a host:

1.1.1) In the Unified Firewall web interface, click the icon to create a host.

1.1.2) Modify the following parameters and then click Create:

  • Name: Enter a descriptive name for the host object (in this example LANCOM).
  • Interface: Select the interface to be used to connect to the website. With a few exceptions, the interface internet must be selected.
  • Host: Enter the DNS name of the website (in this example lancom.com).

When the URL is invoked, only the stored domain is matched; sub-domains (in this example sub-domain.lancom.com) are not covered. A separate host object must be created for each sub-domain.


1.2) Storing DNS names of websites in a host/network group:

1.2.1) In the Unified Firewall web interface, click the icon to create a host/network group.

1.2.2) In the field Name, enter a descriptive name for the host/network group (in this example Websites-DNS).

1.2.3) Under Hosts/Networks, adjust the following parameters to create a DNS entry for a website, and add it using the “+” icon. Then click Create to create the host/network group.

  • Name: Enter a descriptive name for the host entry (in this example LANCOM).
  • Interface: Select the interface to be used to connect to the website. With a few exceptions, the interface internet must be selected.
  • Hosts/Networks: Enter the DNS name of the website (in this example lancom.com).

Repeat this step for any further websites.

When the URL is invoked, only the stored domain is matched; sub-domains (in this example sub-domain.lancom.com) are not covered. A further entry must be created under Hosts/Networks for each sub-domain.



2) Allow communication between the local network and the websites:

2.1) Click the network object, select the connection tool, and then click the host object or the host/network group object to open the firewall rules.

2.2) Use the “+” icon to add the necessary services and protocols for the communications.

2.3) Go to the NAT tab and, under NAT/Masquerading, select the option left-to-right. As a result, all of the services and protocols used for this connection are masqueraded towards the Internet by NAT.

2.4) Click Create to generate the firewall rule.

2.5) Finally, implement the changes to the configuration by clicking Activate.
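The following model, added here as an illustration and not LCOS FX code, shows how the objects from steps 1 and 2 behave: a host object resolves only the domain stored in it, a group object is the union of its entries, and a rule bound to the object only covers the addresses the firewall's own resolver returns. RESOLVER, the object and class names, and all addresses are constructed assumptions; the coverage_gap check is the practitioner's way of verifying why the Unified Firewall must be the clients' DNS server or forwarder.

```python
"""Model of the DNS-based host and group objects from the article.
Added illustration, not LCOS FX code: RESOLVER is a constructed answer
table standing in for the firewall's own resolver, which is why the
Unified Firewall must be the network's DNS server or forwarder."""
from dataclasses import dataclass, field
from ipaddress import ip_address

# Constructed sample data (documentation address ranges).
RESOLVER = {
    "lancom.com": {"192.0.2.10", "192.0.2.11"},
    "sub-domain.lancom.com": {"192.0.2.20"},
    "example.org": {"198.51.100.5"},
}

@dataclass(frozen=True)
class DnsHost:
    name: str        # descriptive object name, e.g. "LANCOM"
    interface: str   # interface used to reach the site, normally "internet"
    dns_name: str    # stored DNS name, e.g. "lancom.com"

    def addresses(self, resolver=RESOLVER):
        # Only the stored domain itself is resolved; a sub-domain is a
        # different name and needs its own host object or group entry.
        key = self.dns_name.lower().rstrip(".")
        return frozenset(ip_address(a) for a in resolver.get(key, ()))

@dataclass
class HostGroup:
    name: str
    members: list = field(default_factory=list)   # DnsHost entries

    def addresses(self, resolver=RESOLVER):
        return frozenset().union(*(m.addresses(resolver) for m in self.members))

def rule_matches(obj, dst_ip, interface, resolver=RESOLVER):
    """True if traffic to dst_ip via interface hits a rule bound to obj."""
    members = obj.members if isinstance(obj, HostGroup) else [obj]
    if interface not in {m.interface for m in members}:
        return False
    return ip_address(dst_ip) in obj.addresses(resolver)

def coverage_gap(obj, client_answer, resolver=RESOLVER):
    """Client-resolved addresses the object does not cover: non-empty when a
    client bypasses the firewall's resolver (e.g. round-robin DNS answers)."""
    return {ip_address(a) for a in client_answer} - obj.addresses(resolver)

LANCOM = DnsHost("LANCOM", "internet", "lancom.com")
WEBSITES_DNS = HostGroup("Websites-DNS",
                         [LANCOM, DnsHost("Example", "internet", "example.org")])
```

A non-empty coverage_gap means traffic the clients actually send would fall outside the DNS-based rule, which is exactly the situation the DNS server/forwarder requirement prevents.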