cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question
Highlighted

Grouped firewall rules

I would really appreciate a change in WebUI that makes possible to group firewall rules just like in Smart Console. Firewall rules on my appliance are quite a lot already and it becomes more and more difficult to manage then. If I can combine them in groups that can be collapsed or expanded it will make it much more easy to work with them.

4 Replies

Re: Grouped firewall rules

In my experience, the local management GUI is currently taking a lot of CPU from the box; it is suggested to open Embedded GAiA WebGUI only when needed, not for constant monitoring. The SMB appliances are very easily configured when used in Stand-Alone deployment for simple environments. Preferably, only a few rules have to be created and a lot is just configured by defining the corresponding objects. If you want to use a complicated rule base, i would suggest a centrally managed SMB unit and R80.10 SMS. This will give you much more possibilities (services excluded from VPN, user.def, crypt.def, vpn_route.def and many more) without taking performance from the GW.

0 Kudos

Re: Grouped firewall rules

Thanx for your comments Guenther! I don't know how it is for the others but I can't notice any higher CPU usage as a result of using local WebUI for configuration tasks. I am monitoring it through external syslog and snmp tools so that is not an issue. SMS is out of the question for the moment for financial reasons. I believe change I am asking for is not difficult to implement but it will just make the job a little bit easier for something that is already offered more or less.

0 Kudos

Re: Grouped firewall rules

You are right, CPU usage might not be an issue, but I can see a significant memory impact when using local management.

0 Kudos

Re: Grouped firewall rules

I would say this is different on more powerfull SMB devices - a 620 was very, very slow and unresponsive during TP updates, on a 730 this is much smother. And i still believe that keeping the SMB monitoring page open all the time takes resources from the box, memory, but surely also CPU...

0 Kudos