
AN15 FW rules, should they be at the top or bottom of the FW list

0 votes
Hello:

I want to put in the dual sim fail over support as described in AN15 but am not sure if I would put those FW rules at the top or bottom of my current FW.
Here is my current FW.txt:
0 1 #Allow outbound FTP traffic
0 2 pass out break end proto ftp from any to any port=ftpcnt flags S!A inspect-state
0 3 #Allow any other outbound traffic and the replies back in
583985 4 pass out break end inspect-state
0 5 #Allow incoming IPSEC
188197 6 pass break end proto 50
0 7 pass in break end proto udp from any to any port=ike
60 8 pass in break end proto udp from any to any port=ikefloat
0 9 #Allow any traffic within an IPSEC tunnel in both directions
0 10 pass break end oneroute any
0 11 #Allow incoming SSH and SFTP
0 12 pass in break end proto tcp from any to any port=22222 flags S!A inspect-state
0 13 #Allow incoming HTTPS
0 14 pass in break end proto tcp from any to any port=https flags S!A inspect-state
0 15 #Block and log everything else including incoming telnet, http and FTP
114 16 block log break end

Where exactly should I put those ping FW rules?
And, do I need the "pass break end" or does that depend on where I put the two pings inspection lines?

Cheers,
John
asked Jul 24 in Digi TransPort Cellular by jserink Community Contributor (52 points)


3 Answers

0 votes
Hi and welcome to Digi Forums,

You want to put these rules at the very top of any other firewall rules.
Note however that there is an integrated "Wizard" for setting up Dual SIM from within the web interface of the router (at the top left) which will do all of that configuration etc for you.

If you are still having issues with this setup, please reach out to our Support Team at tech.support@digi.com (make sure to attach a debug.txt: http://ftp1.digi.com/support/documentation/QN_024_Extracting%20the%20debug.txt%20file%20from%20a%20Digi%20TransPort%20or%20Sarian%20router.pdf )

Thank you

Regards

Alex
Digi Technical Support
answered Jul 24 by alexbdigi Community Contributor (56 points)
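
Why placement matters with the rule list posted in the question, as an added example that is not part of the original thread or of Digi's documentation. It assumes that a rule carrying "break end" stops evaluation at the first match, models only direction, protocol and destination port, and uses a hypothetical `PING_RULE` as a stand-in because the actual AN15 rule text is not on this page.

```python
# Added illustration: simplified first-match model of the rule list posted above.
# Assumption: a rule carrying "break end" stops evaluation as soon as it matches.
# Flags, inspect-state and rule 10 (oneroute) are left out of the model.
ANY = None

# (id, action, direction, protocol, destination port); ANY matches everything.
# Assumed numeric ports for ftpcnt / ike / ikefloat / https: 21 / 500 / 4500 / 443.
POSTED_RULES = [
    (2, "pass", "out", "tcp", 21),
    (4, "pass", "out", ANY, ANY),
    (6, "pass", ANY, "esp", ANY),      # proto 50
    (7, "pass", "in", "udp", 500),
    (8, "pass", "in", "udp", 4500),
    (12, "pass", "in", "tcp", 22222),
    (14, "pass", "in", "tcp", 443),
    (16, "block", ANY, ANY, ANY),      # block log break end
]

# Hypothetical stand-in for an AN15 ping rule; the real rule text is not on this page.
PING_RULE = ("AN15-ping", "pass", "out", "icmp", ANY)

def first_match(rules, direction, proto, port=None):
    """Return (id, action) of the first rule that matches the packet."""
    for rid, action, r_dir, r_proto, r_port in rules:
        if r_dir not in (ANY, direction):
            continue
        if r_proto not in (ANY, proto):
            continue
        if r_port not in (ANY, port):
            continue
        return rid, action
    return None, "no-match"

def with_ping_rule(position):
    """Return the posted list with PING_RULE placed at 'top' or 'bottom'."""
    if position == "top":
        return [PING_RULE] + POSTED_RULES
    return POSTED_RULES + [PING_RULE]

if __name__ == "__main__":
    for pos in ("top", "bottom"):
        rid, action = first_match(with_ping_rule(pos), "out", "icmp")
        print(f"ping rule at {pos}: outbound ICMP handled by rule {rid} ({action})")
```

In this model an outbound ping still leaves the router when the rule sits at the bottom, but it is passed by rule 4, so the ping rule itself is never evaluated.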
0 votes
Ok, I used the wizard and it's working great.

I also put the Ethernet ports into port isolated mode and used Eth1 as primary and set up a ping on it as well. This is also working perfectly.

Thanx for the help.

Cheers,
John
answered 6 days ago by jserink Community Contributor (52 points)
0 votes
Thanx for the help.
answered 4 days ago by arjeet45o New to the Community (1 point)