By default, all Edges inherit their Firewall rules, Stateful Firewall settings, Network and Flood Protection settings, and Edge access configuration from the Profile they are linked to.
The Rule from Profile area on the Firewall tab of the Edge Configuration window shows all the inherited Firewall rules. You can also override the Profile Firewall rules and Edge access configuration at the Edge level by following these steps.
- Go to Configure > Edges on the Enterprise panel.
- Select the Edge whose inherited Firewall settings you want to modify, then click the Firewall tab.
- If you want to change the Firewall and inherited Profile rules for the Edge, check the Override box.
The override rules appear under the Edge Overrides section. Edge override rules take precedence over the Edge's inherited Profile rules. When a Firewall override match value is identical to that of a Profile Firewall rule, the override supersedes the Profile rule.
- To configure individual Port Forwarding and 1:1 NAT IPv4 or IPv6 rules at the Edge level, go to Additional Settings > Inbound ACLs. See Port Forwarding Rules and 1:1 NAT Settings for more specific information.
By default, no inbound traffic is allowed through the firewall unless the Port Forwarding and 1:1 NAT Firewall Rules are defined. The outside IP address is always the WAN IP address or an IP address from the WAN IP subnet.
When configuring IPv6 Port Forwarding and 1:1 NAT rules, the only IP address that can be entered is either the Global or Unicast IP address. A Link Local Address cannot be entered here.
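The override precedence and the inbound address constraints described above can be reviewed offline against a copy of the rule set. The following is an added example, not code from the product or its documentation; the dict layout, rule names, addresses and the function names `effective_rules` and `audit_inbound` are constructed assumptions.

```python
import ipaddress

# Constructed sample data. The dict layout is an assumption for illustration,
# not an Orchestrator export format.
PROFILE_RULES = [
    {"name": "allow-dns", "match": ("udp", "any", 53), "action": "allow"},
    {"name": "deny-telnet", "match": ("tcp", "any", 23), "action": "deny"},
]
EDGE_OVERRIDES = [
    {"name": "edge-telnet", "match": ("tcp", "any", 23), "action": "allow"},
]
INBOUND_RULES = [
    {"name": "web", "outside_ip": "203.0.113.10", "inside_ip": "10.0.1.5"},
    {"name": "v6-ll", "outside_ip": "2001:db8::10", "inside_ip": "fe80::1"},
    {"name": "off-subnet", "outside_ip": "198.51.100.7", "inside_ip": "10.0.1.6"},
]
WAN_SUBNETS = ["203.0.113.0/28", "2001:db8::/64"]


def effective_rules(profile, overrides):
    """Return (effective rule list, superseded Profile rules).

    A Profile rule whose match value is identical to an Edge override is
    superseded. Listing overrides first is an assumption about evaluation order.
    """
    by_match = {r["match"]: r for r in overrides}
    superseded = [(p["name"], p["action"], by_match[p["match"]]["action"])
                  for p in profile if p["match"] in by_match]
    kept = [p for p in profile if p["match"] not in by_match]
    return overrides + kept, superseded


def audit_inbound(rules, wan_subnets):
    """Flag Port Forwarding / 1:1 NAT entries that break the stated constraints."""
    nets = [ipaddress.ip_network(n) for n in wan_subnets]
    findings = []
    for r in rules:
        outside = ipaddress.ip_address(r["outside_ip"])
        inside = ipaddress.ip_address(r["inside_ip"])
        if any(a.version == 6 and a.is_link_local for a in (outside, inside)):
            findings.append((r["name"], "link-local IPv6 address"))
        if not any(outside.version == n.version and outside in n for n in nets):
            findings.append((r["name"], "outside IP not in WAN subnet"))
    return findings


if __name__ == "__main__":
    rules, superseded = effective_rules(PROFILE_RULES, EDGE_OVERRIDES)
    print([r["name"] for r in rules], superseded)
    print(audit_inbound(INBOUND_RULES, WAN_SUBNETS))
```

The `superseded` list is the part worth reviewing: each entry shows a Profile rule whose action was replaced at the Edge, such as a Profile deny turned into an Edge allow.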
1:1 NAT Firewall Rules and Port Forwarding
You can configure both Port Forwarding and 1:1 NAT rules individually at the Edge level.