Outbound port blocking and NAT

Outbound port blocking allows a network operator to block all outgoing traffic from a specified source port, protocol, and optionally a specified source IP address or subnet.

By default, all outbound internet traffic is allowed. To configure a rule for blocking outbound Internet traffic, click the Firewall tab to display the menu and click Add Firewall Rule. Select Outbound as a Direction. Use the menu under Protocol/Action to select which protocol should be denied outbound access.

Alternatively, you can specify an arbitrary protocol by selecting Other and entering the corresponding protocol number. You can also select Deny Any to deny all outbound traffic regardless of protocol. Finally, you can select the No NAT option if you wish to disable the Network Address Translation (NAT) function on the specified outbound traffic. By default, NAT is applied to all outgoing traffic, meaning that the source IP address of egress packets that originate on the Exinda SD-WAN LAN is replaced with the IP address of the corresponding WAN interface; selecting the No NAT option disables the NAT function for the targeted traffic.

Optionally, a Source Port value for the targeted traffic can be specified, in which case only packets whose source port matches the entered value are targeted. Also optionally, a source IP address can be specified so that only traffic with a source IP address matching the designated address is targeted. An IP subnet can also be specified in CIDR (Classless Inter-Domain Routing) notation, for example, 192.168.1.0/24, in which case traffic originating from anywhere in the specified subnet is targeted. Targeted traffic must satisfy all of the specified matching conditions at once; in effect the conditions are combined with a logical AND to define the targeted traffic.

A text string can also be entered in Notes, to provide a mechanism for the operator to remember the reason or context of the outbound rule.

Multiple outbound blocking rules can be added to provide more flexible blocking of traffic. If a traffic blocking rule that was added previously needs to be deleted, click Delete next to the listed blocking rule. If a blocking rule needs to be edited, the rule can first be deleted and the modified rule can then be entered as before. The Exinda SD-WAN processes outgoing traffic by sequential application of the outbound rules specified. This means that if there are conflicts between outbound rules, the outbound rule nearest the top of the list takes precedence. By default, the list of outbound rules is ordered so that rules entered earlier are lower in the list, so the most recently added rule always takes precedence.
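The rule semantics described above (protocol, source port and source IP/subnet conditions combined with a logical AND, rules evaluated top to bottom with the newest rule on top, and a default of allow-with-NAT when nothing matches) are easy to get wrong when reasoning about an exception that must sit above a broader deny. The following Python model, an added example and not Exinda code, walks a constructed rule list exactly that way. It assumes that No NAT is an action alternative to Deny (matching traffic is passed but not translated), that protocols are given as IANA protocol numbers (6 = TCP, 17 = UDP), and it uses constructed addresses and notes; the `OutboundRule`, `Verdict`, `add_rule`, `evaluate` and `build_example_rules` names are this example's own.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Assumption: "No NAT" is an action alternative to Deny, so a rule either
# denies matching traffic or passes it without address translation.
DENY = "deny"
NO_NAT = "no_nat"


@dataclass
class OutboundRule:
    action: str = DENY                  # DENY or NO_NAT
    protocol: Optional[int] = None      # IANA protocol number; None = any ("Deny Any")
    source_port: Optional[int] = None   # None = any source port
    source: Optional[str] = None        # IP address or CIDR subnet; None = any source
    notes: str = ""                     # free-text reminder, as in the Notes field

    def matches(self, protocol: int, src_ip: str, src_port: int) -> bool:
        """Every condition that is specified must hold (logical AND)."""
        if self.protocol is not None and self.protocol != protocol:
            return False
        if self.source_port is not None and self.source_port != src_port:
            return False
        if self.source is not None:
            # strict=False lets a host address ("192.168.1.10") act as a /32
            net = ipaddress.ip_network(self.source, strict=False)
            if ipaddress.ip_address(src_ip) not in net:
                return False
        return True


@dataclass
class Verdict:
    allowed: bool                # False when a Deny rule matched
    nat: bool                    # False when denied or matched by a No NAT rule
    rule: Optional[OutboundRule]  # the deciding rule, None for the default


def add_rule(rules: List[OutboundRule], rule: OutboundRule) -> List[OutboundRule]:
    """The most recently added rule goes to the top, so it takes precedence."""
    rules.insert(0, rule)
    return rules


def evaluate(rules: List[OutboundRule], protocol: int,
             src_ip: str, src_port: int) -> Verdict:
    """Walk the list top to bottom; the first matching rule decides.
    With no match, the default applies: traffic allowed and NAT applied."""
    for rule in rules:
        if rule.matches(protocol, src_ip, src_port):
            if rule.action == DENY:
                return Verdict(allowed=False, nat=False, rule=rule)
            return Verdict(allowed=True, nat=False, rule=rule)
    return Verdict(allowed=True, nat=True, rule=None)


def build_example_rules() -> List[OutboundRule]:
    """Constructed rule set, entered in order (so the last one ends up on top)."""
    rules: List[OutboundRule] = []
    # 1. Broad deny: no outbound UDP from the (constructed) guest subnet.
    add_rule(rules, OutboundRule(DENY, protocol=17, source="192.168.1.0/24",
                                 notes="guest subnet: no outbound UDP"))
    # 2. Narrow exception added later, so it sits above the deny:
    #    one host's DNS forwarder (source port 53) may leave un-NATed.
    add_rule(rules, OutboundRule(NO_NAT, protocol=17, source_port=53,
                                 source="192.168.1.10", notes="DNS forwarder"))
    return rules


if __name__ == "__main__":
    rules = build_example_rules()
    samples = [(17, "192.168.1.10", 53), (17, "192.168.1.20", 53),
               (6, "192.168.1.20", 443)]
    for proto, ip, port in samples:
        v = evaluate(rules, proto, ip, port)
        print(f"proto={proto} src={ip}:{port} ->",
              "allowed" if v.allowed else "denied",
              "(NAT)" if v.nat else "(no NAT)",
              f"by '{v.rule.notes}'" if v.rule else "by default")
```

Because the exception was entered after the broad deny, it lands on top and wins for the forwarder host; reversing the order would make the deny match first and the exception would never be reached. That is the practical consequence of the "edit by delete and re-enter" workflow: a re-entered rule moves to the top of the list, so its position relative to other rules changes.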

Normally outbound blocking rules should not be specified when the Exinda SD-WAN is configured in Pass Through mode since such blocking would already be done by the legacy network.