Traffic Policy
Topic
This article describes how to configure custom traffic policies on a Datto DNA.
Environment
- Datto Networking Appliance (DNA)
Description
A traffic policy enables operators to define rules that allow or block incoming and outgoing traffic based on port, IP address, or both.
Navigation
1. Log into the DNA web interface, click the Firewall tab, then click Traffic Policy.
Figure 1: The DNA web interface
Configuration
Click New Rule to create a new traffic policy rule. You can create multiple rules. Use the following fields and options to configure your rule:
- Order: This field lets you assign a numerical priority to the rule. Rules are processed sequentially, with the lowest value representing the highest priority (1, 2, 3, and so on). In the example shown in Figure 2, two rules block and allow the same IP address. When applied to traffic, the block rule takes precedence because it has the lower order value.
Figure 2: Rules blocking and allowing traffic
- Name: In this field, you can specify a name for the rule.
- Allow: This menu lets you specify whether your DNA should allow or block incoming or outgoing traffic.
- Source IP/Subnet: Enter the source IP address the rule matches. For example, you may apply the rule to all traffic originating from 8.8.8.8. To match a subnet, use CIDR notation (e.g. 192.168.1.0/24). If you leave this field blank, the rule applies to all source IP addresses.
- Source Port(s): Enter the source port or port range the rule matches (for example, 80 for incoming traffic on port 80). If you leave this field blank, the rule applies to all ports.
- Protocol: This menu lets you define the traffic type to which the rule applies. You can select from the following options:
- TCP
- UDP
- TCP & UDP
- ICMP
- UDP-Lite
- ESP
- AH
- SCTP
- OSPF
- All
- Other (enter a protocol number between 0 and 255)
- Refer to the IANA Assigned Internet Protocol Numbers list for further information.
- Dest IP/Subnet: Enter the destination IP address the rule matches. For example, you may apply the rule to all traffic destined for 8.8.8.8. To match a subnet, use CIDR notation (e.g. 192.168.1.0/24). If you leave this field blank, the rule applies to all destination IP addresses.
- Dest Port(s): Enter the destination port or port range the rule matches (for example, 80 for outgoing traffic to port 80). If you leave this field blank, the rule applies to all ports.
- Delete: Press the X button to delete the rule.
Click Save Changes to save all modified settings.
Figure 3: Traffic policy with one new rule
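As an added example (not Datto's code or the DNA's own implementation), the following Python evaluator models the matching described above so a rule set can be checked before it is saved: rules are tried in ascending Order, blank fields match anything, subnets use CIDR notation and ports may be a single value or a range. It assumes that the first matching rule decides, and it returns None when no rule matches, since the article does not state the appliance's default behaviour.

```python
import ipaddress
from dataclasses import dataclass
@dataclass
class Rule:
    order: int              # lower value = higher priority
    name: str
    allow: bool             # True = Allow, False = Block
    src_ip: str = ""        # IP or CIDR subnet; blank = any source
    src_ports: str = ""     # "80" or "1000-2000"; blank = any port
    protocol: str = "All"   # TCP, UDP, "TCP & UDP", ICMP, ..., All
    dst_ip: str = ""
    dst_ports: str = ""

def _ip_matches(field, ip):
    if not field:
        return True
    # a bare address such as 8.8.8.8 becomes a /32 network
    return ipaddress.ip_address(ip) in ipaddress.ip_network(field, strict=False)

def _port_matches(field, port):
    if not field:
        return True
    if port is None:        # protocols such as ICMP carry no port
        return False
    lo, _, hi = field.partition("-")
    return int(lo) <= port <= int(hi or lo)

def _proto_matches(field, proto):
    if field == "All":
        return True
    if field == "TCP & UDP":
        return proto in ("TCP", "UDP")
    return field == proto

def evaluate(rules, src, dst, proto, sport=None, dport=None):
    """Return (allow, rule_name) for the first matching rule in Order, else None."""
    for r in sorted(rules, key=lambda r: r.order):
        if (_ip_matches(r.src_ip, src) and _ip_matches(r.dst_ip, dst)
                and _proto_matches(r.protocol, proto)
                and _port_matches(r.src_ports, sport)
                and _port_matches(r.dst_ports, dport)):
            return r.allow, r.name
    return None             # assumption: the article does not state the default

# Constructed rule set mirroring Figure 2: a block and an allow for the same host.
FIGURE2 = [
    Rule(1, "block-host", False, src_ip="8.8.8.8"),
    Rule(2, "allow-host", True, src_ip="8.8.8.8"),
    Rule(3, "allow-lan-web", True, src_ip="192.168.1.0/24", protocol="TCP", dst_ports="80"),
]
```

Running evaluate(FIGURE2, ...) against traffic from 8.8.8.8 shows the order-1 block rule winning over the order-2 allow rule, which is the behaviour Figure 2 illustrates.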
Common Rules
Allowing and Blocking LAN or VLAN traffic
When creating your rule, enter the LAN or VLAN IP range in both the Source IP and Dest IP fields.
Allowing and Blocking traffic by port
Use Port Forwarding rules to ensure that your DNA sends port-defined application traffic to specific machines.
Web Filters
The Web Filters feature requires open access to the following IP addresses:
- 18.219.167.83
- 13.57.118.138
- 13.54.39.168
- 18.130.11.250 over TCP port 53