Gateway Filtering Settings

The Filtering Settings (Gateway v14+) tab gives you full control over how outbound traffic is inspected and restricted at the gateway level. Security Controls and Firewall Settings are managed from a single screen, providing a unified inspection layer without the need for an external proxy or additional agents.


Security Controls

Web Filter

The Web Filter inspects and controls web traffic based on destination protocol and port. When enabled, all matching traffic is evaluated against the filtering rules defined in your Web Filter policies.

| Field | Description |
| --- | --- |
| Web Filter | Enables or disables web traffic filtering |
| Protocol | The protocol to inspect. Options: HTTP, HTTPS, Custom HTTP, or Custom HTTPS. Use Custom options to target non-standard ports |
| Port | The destination port to inspect (e.g., 80, 443, 8080, 8443). Only traffic on the configured ports is evaluated |

HTTP and HTTPS cover standard web traffic on their default ports. If your environment routes web traffic through non-standard ports, add them as Custom HTTP or Custom HTTPS entries to ensure full coverage.
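Because only traffic on the configured ports is evaluated, it helps to compare the Web Filter entries with the ports that actually carry web traffic. The script below is an added example, not part of the product or its documentation: the `WEB_FILTER_ENTRIES` mapping, the flow summary format, and all names in it are assumptions, and the sample data is constructed.

```python
import csv
import io
from collections import Counter

# Hypothetical copy of the Web Filter entries configured on the tab:
# protocol option -> destination ports being inspected.
WEB_FILTER_ENTRIES = {
    "HTTP": {80},
    "HTTPS": {443},
    "Custom HTTP": {8080},
    "Custom HTTPS": set(),
}

# Constructed flow summary (not a product export format): destination port,
# application protocol identified for the flows, and number of flows seen.
SAMPLE_FLOWS = """dst_port,app_proto,flows
80,http,1200
443,tls,5400
8080,http,310
8443,tls,95
8000,http,12
53,dns,800
8443,tls,5
"""

# Web Filter option that would cover each web protocol on a non-default port.
SUGGESTED_ENTRY = {"http": "Custom HTTP", "tls": "Custom HTTPS"}


def uncovered_web_ports(flow_csv, entries):
    """Return {(port, suggested_entry): flows} for web traffic on ports the filter never evaluates."""
    inspected = set().union(*entries.values())
    gaps = Counter()
    for row in csv.DictReader(io.StringIO(flow_csv)):
        proto = row["app_proto"].strip().lower()
        port = int(row["dst_port"])
        # Non-web protocols (e.g. DNS) are outside the Web Filter's scope.
        if proto in SUGGESTED_ENTRY and port not in inspected:
            gaps[(port, SUGGESTED_ENTRY[proto])] += int(row["flows"])
    return dict(gaps)


if __name__ == "__main__":
    found = uncovered_web_ports(SAMPLE_FLOWS, WEB_FILTER_ENTRIES)
    for (port, entry), count in sorted(found.items()):
        print(f"port {port}: {count} flows not evaluated; add as {entry}")
```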

Application Filter

The Application Filter enables deep packet inspection on LAN interfaces, classifying traffic by application protocol regardless of the port or encryption method being used.

| Field | Description |
| --- | --- |
| Application Filter | Enables or disables application-layer traffic identification for LAN interfaces of this site |

Antivirus

The Antivirus engine scans traffic passing through the gateway for known malware and threats, blocking malicious content before it reaches endpoints.

| Field | Description |
| --- | --- |
| Antivirus | Enables or disables threat scanning on filtered traffic |

Firewall Settings

This section gives you granular control over how the gateway handles low-level network traffic. Each setting targets a specific traffic type or protocol behavior and can be toggled independently. Where available, you can also enable logging to capture matching packets in the traffic logs.

These settings operate at the system level and directly affect how the firewall engine processes traffic. Misconfiguration can result in dropped sessions or reduced network visibility. Review each option carefully before making changes in production environments.

| Setting | Description |
| --- | --- |
| Drop broadcast traffic packets | Prevents Layer 2/3 broadcast traffic from passing through the gateway. Recommended in environments where broadcast traffic is unnecessary or poses a security risk. Supports optional logging. |
| Drop multicast traffic packets | Filters out multicast traffic commonly used by discovery protocols or group communication applications. Helps reduce noise and limit unwanted traffic exposure. Supports optional logging. |
| Increase firewall UDP timeout | Extends the default timeout period for UDP flows. Useful in media-heavy environments where VoIP or video traffic may time out prematurely. |
| Enable ICMP redirection | Allows the gateway to send ICMP Redirect messages to endpoints. Disabled by default for security. Enable only if required by your routing setup. |
| Enable ISAKMP/IKE fragmented packet handling | Enables support for fragmented IPsec Phase 1 packets. Needed when connecting to VPN peers that send large or split IKE payloads. |

When logging is enabled for broadcast or multicast drops, matching traffic appears in the traffic logs under the relevant drop action.

Enable logging during initial setup or troubleshooting to validate your configuration. Once the environment is stable, consider disabling it to avoid log noise from high-frequency traffic types.
