Merce Firewall UI


Assumptions:

  1. We will support 1 internal NIC and 2 external NICs
  2. Basic IP address settings will be done outside the UI using OS tools

Merce Firewall UI

  • All status reports: expand/collapse
  • full external NIC failure - where to relay packets?
  • What ports to allow for outgoing
    • from specific IP
    • from all
  • What incoming connections to allow
    • forward to which internal IP
    • TCP/UDP
    • from all/from a specific src
  • IP addresses to block completely (internal/external): useful when an IP is generating rogue traffic
  • For each external NIC do
    • is it on a public IP? (Yes = do NAT)
    • list of traffic it will carry
  • local Web cache?
    • with AV
    • with cache? (cache size, expiry)
    • port number?
  • VPN
    • for each key do
    • connect from any or specific IP?
  • default policy: from rule and to rule
  • what IP subnet to use for each user
  • options for site to site connections?
  • local outgoing MTA
    • config params
    • masquerading sender
    • smart host
  • local incoming MTA
    • same as outgoing - if not, then -- port number? (checks, e.g. reverse lookup etc.)
    • Mailgate? (y/n)
    • SMTP Auth? (y/n)
    • allow relay for enterprise user
    • forwarding incoming mails to?