p_wegnerowski's avatar
2 months ago

LAN Firewall rules - missing "IP range" in src/dst

Anyone else missing the ability to use a Custom IP Range as a source or destination in a LAN Firewall rule? We use CATO LAN Firewall to control traffic between two separate network zones terminated on two different internal firewalls. Since this is local traffic in the site, we don't want to route it to Cato Cloud, so it's not dependent on WAN links. That's why we use CATO LAN Firewall (formerly Local Routing). But the only options to set Source or Destination are: Global range, Host, Interface subnet, Network Interface and Any. It would be very useful if we could use Custom IP ranges and Host Groups there.

  • Hi p_wegnerowski,

    You mean to have the ability to configure a group/list of custom IP addresses like "192.168.1.99", "10.10.1.10-10.10.1.20" (that are not part of any hosts) in CMA, right?
    This looks like a potential RFE. Have you discussed it with any Cato representative so far?

    Thank you.

    • p_wegnerowski
      Comet

      Hi michaelsaw, my biggest wish is to use custom IP/ranges in LAN Firewall rules.

      If not possible, then the ability to configure a group of Hosts would be a workaround for this limitation - we usually register Hosts for the devices controlled by LAN Firewall.

      The ability to configure a group of custom IP addresses/ranges (that you described) would be a great enhancement to both options.

      I haven't discussed it with anyone from Cato yet. I was wondering if other users face the same problem and how they deal with it, before raising an RFE.

      • Nath
        Meteor

        This may need clarification from Cato representatives, but from recent meetings we've had, I believe there is a plan to move the LAN FW into the general WAN FW rulebase. Not sure if that will solve your issue and allow the use of more advanced source criteria in a FW rule.