In addition to bug fixes and minor enhancements, Firewall Builder V4.2 adds the following new features:
The following provides a brief overview of these new features to help users with beta testing them. Please report any bugs on SourceForge Tickets
This feature gives users more flexibility to craft narrow NAT rules that should match specific traffic and interface combinations.
Firewall Builder V4.2 adds the ability to configure and manage bridge interfaces and static routes for BSD platforms.
Bridge interfaces are configured in the same general way as documented in the Users Guide for creating bridge interfaces on Linux systems:
NOTE: be sure to update the Firewall Settings -> Script -> "Configure bridge interfaces" checkbox if you would like the Firewall Builder generated script to create the bridge interfaces for you.
Configure static routing as defined in the Users Guide:
Note: you cannot define "Interface" for BSD static routes so that column is not displayed in the Routing policy.
Firewall Builder V4.2 adds the ability to choose to generate system configuration for interfaces, routes, etc. in rc.conf format instead of as a shell script. To enable this, go to the Firewall Settings -> Script menu and select the "file in rc.conf format" radial button.
You can control the name of the generated rc.conf format file in the Firewall Settings -> Compiler menu. Here you can set both the name of the generated files on the local system as well as the names of the files that will be used on the firewall. For example, you could set the name of the generated file to be /etc/rc.conf.local which is the recommended usage.
The location of the files is defined in the Firewall Settings -> Installer menu.
Note: unlike firewall configurations that use the firewall script, if you choose the rc.conf format changes like updating the IP address of an interface are not done automatically.
Firewall Builder V4.2 will now properly generate configuration files for Cisco ASA and PIX devices running v8.0 - v8.3. This includes correctly generating NAT configurations in v8.3 with the new nat() command syntax.
When configurations are generated for Cisco ASA and PIX devices, Firewall Builder will automatically create named objects such as network-objects, service-objects and group-objects that will be used in the generated access list rules. This helps make the rules more readable and reduces the number of rules that are created by Firewall Builder.
Cisco ASA and PIX configurations in "show run" format can now be imported into Firewall Builder. The import process includes:
Object de-duplication has been added to the import process for all supported platforms. If an object in the configuration being imported matches exactly to an object that already exists in the Firewall Builder data file the existing object will be used where possible.
Currently object groups used in Cisco ASA and PIX configurations are not de-duplicated.
The new Import Firewall wizard automatically detects the platform type based on the contents of the configuration file being imported. Where possible Firewall Builder also detects the software version and sets the created firewall object to use the detected platform and version.
Double-clicking an object in the object tree will now only open the object for editing in the Editor Panel. Previously this action would also expand the object if it had child objects which could lead to undesirable behavior for certain types of objects like firewalls.
Copyright © 2000-2012 NetCitadel, Inc. All rights reserved.
Using free CSS Templates.