Views:

There are 2 types of directions for traffic - a direction for the client and another one for the server.

  • As a client, to connect a server, these directions must be skipped:
    • Outgoing connection (destination service port) to establish a connection
    • Incoming connection (source service port) for the response from server

    As an example, if you need to skip browser connection to connect a web server via port 443, the following rules may have to be added:

    • Outgoing connection (destination port): 443
    • Incoming connection (source port): 443

    Module state

  • As a server, to serve client connection, these directions must be skipped:
    • Incoming connection (destination service port) to establish a connection from client
    • Outgoing connection (source service port) for the response from client

    As an example, if you need to skip all connections to connect a web server via port 443, the following rules may have to be added:

    • Incoming connection (destination port): 443
    • Outgoing connection (source port): 443

    Module state

The set of examples above is for "Force Allow" case. If you need to bypass traffic without any scan from firewall and IPS, just change the action to "Bypass".

Module state

Keywords: network traffic is blocked after turning on the DSA firewall,connecting to a website works but the outgoing connection is blocked by the DSA firewall, blocked by the DSA firewall, launch web server but all incoming request connections blocked