Difference between revisions of "RUTX12 Traffic control with Firewall WANzone Splitting"
(.) |
|||
| Line 2: | Line 2: | ||
==Introduction== | ==Introduction== | ||
This article contains instructions on how to configure mobile SIM traffic effectively, The configuration ensures that when SIM1 is active, it provides internet connectivity to all end devices. However, when SIM2 is being used, the configuration should impose restrictions on the traffic flow from PC2 and only traffic from. | This article contains instructions on how to configure mobile SIM traffic effectively, The configuration ensures that when SIM1 is active, it provides internet connectivity to all end devices. However, when SIM2 is being used, the configuration should impose restrictions on the traffic flow from PC2 and only traffic from. | ||
| − | |||
==Prerequisites== | ==Prerequisites== | ||
For this configuration you will need: | For this configuration you will need: | ||
| Line 21: | Line 20: | ||
}} | }} | ||
=== Firewall General Settings === | === Firewall General Settings === | ||
| − | The '''General Settings''' section is utilized for configuring the core policies of the device's firewall. | + | The '''General Settings''' section is utilized for configuring the core policies of the device's firewall. To access this configuration, proceed to: '''Network –> Firewall -> General Setting''' While maintaining the default settings for other options, click on the Edit symbol corresponding to the zones.<br> |
| + | The '''Zones''' section is employed to oversee the default traffic forwarding policies among distinct zones within the device. Both "'''mob1s1a1'''" and "'''mob2s1a1'''" by default are situated within the same Firewall zone, signifying that identical rules are applied to both mobile interfaces/SIM cards. Consequently, any traffic restriction in this zone will simultaneously influence both SIM cards. As a result, it becomes necessary to create two distinct zones for each SIM individually. | ||
| − | [[File: | + | [[File:Firewall_General_setting.png|alt=|700x700px]] |
| + | ==== Editing existing firewall zone ==== | ||
| − | + | [[File:Firewall_wan_zone_split_1.png|border|center|class=tlt-border]] | |
| − | + | [[File:Firewall_wan_zone_split_2.png|border|center|class=tlt-border]] | |
| − | + | ==== Create a new Zone: ==== | |
| − | + | ---- | |
| − | [[File: | + | <br /> |
| − | |||
| − | === Create a new Zone: === | ||
| − | |||
By clicking on '''Add''' button as shown: | By clicking on '''Add''' button as shown: | ||
| Line 46: | Line 44: | ||
[[File:New Zone.png|700x700px]] | [[File:New Zone.png|700x700px]] | ||
| − | === | + | === Traffic rule creation === |
| + | ---- | ||
To establish the traffic rule according to the zones you've set up, follow these steps '''Navigate to Network –> Firewall -> Traffic Rule''' to begin creating the rule. Create and set up the rule to enable the host's access to the web server. | To establish the traffic rule according to the zones you've set up, follow these steps '''Navigate to Network –> Firewall -> Traffic Rule''' to begin creating the rule. Create and set up the rule to enable the host's access to the web server. | ||
| Line 55: | Line 54: | ||
* Click the 'Add' button to confirm and add the rule. | * Click the 'Add' button to confirm and add the rule. | ||
| − | [[File:Add New | + | [[File:Add New Instance.png]] |
=== Specify the source zone === | === Specify the source zone === | ||
| Line 65: | Line 64: | ||
* Within the action field, opt for '''<nowiki/>'Accept''''. | * Within the action field, opt for '''<nowiki/>'Accept''''. | ||
* Click on '''<nowiki/>'Save and Apply''''. | * Click on '''<nowiki/>'Save and Apply''''. | ||
| − | |||
| − | + | [[File:Traffic Rules.png]] | |
| + | |||
| + | |||
| + | You can specify additional settings as you wish. For example, you can set times when this rule should apply. This way, the host will be able to access the web server only at certain times. | ||
Revision as of 08:10, 13 September 2023
Introduction
This article contains instructions on how to configure mobile SIM traffic effectively, The configuration ensures that when SIM1 is active, it provides internet connectivity to all end devices. However, when SIM2 is being used, the configuration should impose restrictions on the traffic flow from PC2 and only traffic from.
Prerequisites
For this configuration you will need:
- Teltonika Networks router with dual sim card support (RUTX11 is being used in the example);
- 2 SIM cards;
- 2 end devices connected to the router (PC's are being used in the example);
Preparation
- Prepare RUTX11, power up the device, insert two sim cards, check that both are active and working. SIM1, SIM2, PWR, and signal strength indicators should light up.
- Access the router through WEBUI, go to Network -> Interfaces, and make sure that one or the other mobile interference is running MOB1S1A1 or MOB2S1A1 (Status = Running). You should be able to see the IP address assigned to it. In addition, it is recommended to perform connectivity checking by using the ping utility.
- Make sure that you have ADVANCED mode enabled. This will allow you to choose from a larger variety of settings.
Configuration
If you're having trouble finding this page or some of the parameters described here on your device's WebUI, you should turn on "Advanced WebUI" mode. You can do that by clicking the "Advanced" button, located at the top of the WebUI.
Firewall General Settings
The General Settings section is utilized for configuring the core policies of the device's firewall. To access this configuration, proceed to: Network –> Firewall -> General Setting While maintaining the default settings for other options, click on the Edit symbol corresponding to the zones.
The Zones section is employed to oversee the default traffic forwarding policies among distinct zones within the device. Both "mob1s1a1" and "mob2s1a1" by default are situated within the same Firewall zone, signifying that identical rules are applied to both mobile interfaces/SIM cards. Consequently, any traffic restriction in this zone will simultaneously influence both SIM cards. As a result, it becomes necessary to create two distinct zones for each SIM individually.
Editing existing firewall zone
Create a new Zone:
By clicking on Add button as shown:
- Choose a Name for this rule as per your preference.
- Set the input to be in the "Reject" zone.
- Configure the forward action to be directed to the "Reject" zone.
- Designate the output to be in the "Accept" zone.
- Activate both Masquerading and MSS clamping options.
- In the "Covered" zone, select the SIM Interface individually. In the provided example, it will be "SIM2" identified as "mob2s1a1".
Traffic rule creation
To establish the traffic rule according to the zones you've set up, follow these steps Navigate to Network –> Firewall -> Traffic Rule to begin creating the rule. Create and set up the rule to enable the host's access to the web server.
- In the 'Add type' field, select 'Add new forward rule'.
- Assign a Name of your choosing to this rule.
- Choose "LAN" as the source zone.
- Select "WAN" as the destination zone.
- Click the 'Add' button to confirm and add the rule.
Specify the source zone
Upon clicking 'Add' in the previous step, a new window will appear, enabling you to define additional configurations.
- Specify the source zone for which the SIM Interface is intended. In the provided instance, this would be SIM2 labelled as "mob2s1a1".
- Choose the MAC address associated with the host to which the rule is to be applied in the source MAC address section. If needed, you can input a custom MAC address.
- Input the IP address of the host in the source IP address field.
- Within the action field, opt for 'Accept'.
- Click on 'Save and Apply'.
You can specify additional settings as you wish. For example, you can set times when this rule should apply. This way, the host will be able to access the web server only at certain times.
