Firewall Rules - Interface selection Planned

Darren Hasley

We need the ability to select an interface for firewall rules rather than relying on destination “any” for access outbound from Timus clients to the internet.  That rule should be written as Wireguard/OpenVPN to WAN interface, instead of "any”. 

Adding interface selection to firewall rules would allow for more granular security.

Comments

5 comments

Date Votes
  • Comment author
    Eda Ercan
    • Official comment

    Here is the latest update: We've reviewed this and are moving forward with enabling Interface selection in Firewall Rules. This feature will be delivered with the Gateway 14.0.0 release. We'll share updates as things progress. We appreciate your input in making Timus better!

    Note: Our current estimate is Q2 2026, but scope and sequencing can still shift as we finalize implementation details.

  • Comment author
    Jack Musick

    I'll second this. This should be the default setup:
     

    1. Allow All to Internet (LAN → WAN)
    2. Deny All

    Especially in a ZTNA solution, I think it's strange that not only is that not the default, but it's also hard to accomplish.

    This of course means no more implicitly allow ping. That's a very strange choice as well in my opinion.

    1
  • Comment author
    Kevin Fagan

    This is included in the roadmap with a tentative release planned for Q3.

    0
  • Comment author
    Kevin Fagan

    Will be LIVE with Cloud 1.30.0 and Gateway 14.0.0 Releases.  Still on track for Q3.

    0
  • Comment author
    Kevin Fagan

    This went live with Shared Gateways (Cloud 1.30.0).  Full functionality with Gateway 14.0.0 release.

    0

Please sign in to leave a comment.