FOR TIPS, gUIDES & TUTORIALS

subscribe to our Youtube

GO TO YOUTUBE

14455 questions

17168 answers

28195 comments

0 members

We are migrating to our new platform at https://community.teltonika.lt. Moving forward, you can continue discussions on this new platform. This current platform will be temporarily maintained for reference purposes.
0 votes
210 views 1 comments
by anonymous
Look at PNG.

In terms of security; does the firewall zone configuration setting look right?

I set up wireguard on a new RUT950 and i have the resulting configuration as shown in PNG.

1 Answer

+1 vote
by anonymous
Hello,

The resulting firewall configuration is indeed necessary.

Wireguard clients must be allowed to access the internet, thus the Masquerading option, basically meaning one to many network address translation (NAT).

It also needs to accept traffic generated by Wireguard (wg0 or similar) interface. This results in Input/Output fields set as Allow.

Lastly, there has to be traffic forwarding from LAN to Wireguard interfaces and vice versa. Due to that, there is Inter-zone forwarding added between these zones.

Best regards,
by anonymous
Where is the PNG? I am wondering about custom Firewall Zone configurations also with respect to Wireguard and whether Masquerading and/or MSS clamping is necessary. I am finding that I need to make a custom zone and put the Wireguard <==> LAN mappings into it, and enable MSS clamping to get larger packets to properly fragment.