I know the second one is specific to net traffic, but other than that is there any difference between the two?
No.
jhead@R1# set firewall ?
Possible completions:
> filter Define an IPv4 firewall filter
Contains IPv4 (protocol family inet).
jhead@R1# set firewall family ?
Possible completions:
> inet Protocol family IPv4 for firewall filter
Also contains IPv4 (protocol family inet).
If not, why have two different ways to write firewall rules on MX routers?
Older versions of JUNOS used to only have "set firewall filter", and the newer versions contain "set firewall family" as well. So it was decided that it should stay for those who don't need to specify a family other than IPv4 (inet).
It does seem a bit backwards, but if you're not already, I would advise sticking to one style just to keep configuration as clear as possible.
As others have stated, there is not a need to configure any sub-interfaces on the SonicWALL. I am assuming your modem is already in bridge mode, since you have a public IP address configured on the SonicWALL Internet-facing interface; if this is not so, this needs to be done.
There is nothing you need to do to announce those IPs from the SonicWALL, because in bridge mode the SonicWALL is acting as an authoritative device of sorts for them, with your modem acting as the gateway.
The only thing that needs to be configured is a NAT policy mapping the desired public IP address to the desired private IP address. The easiest way to do this is via the public server wizard, which can be located in the top right corner of the web interface.
Step 1: Launch Wizards
Step 2: Select "Public Server Wizard"
Step 3: Specify Server Type and what ports you would like forwarded.
Step 4: Specify the private IP address of the server, and a friendly name to help you identify it in the ruleset.
Step 5: Specify the Public IP address you would like to use.
Step 6: Review the summary to ensure everything is correct, and apply your changes!
If you need to make changes down the line, you can see your NAT policy under Network > NAT Policies.
This should have no operational impact; however, with any change you should exercise discretion and play it safe by making the change within a downtime window to minimize any potential user impact.
http://documents.software.dell.com/sonicos/5.9/administration-guide/wizards/providing-public-access-to-an-internal-server/wizards-public-server-wizard?ParentProduct=850
Best Answer
Though there are (as far as I know) no strict definitions, you say that policies are the abstract, high level definitions of what traffic should and shouldn't be allowed. Firewall rules are the translation of policies into practical configuration.
For example: the policy "allow only management traffic from trusted networks" is translated into rules which allow traffic from 192.2.0.0/24 to TCP/22 and from 192.2.100.0/24 to TCP/3389.
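The translation described in this answer, as an added example that is not part of the original post: the two rules are held as data, evaluated first-match with a default deny, and rendered as Junos "set firewall family inet filter" commands. The filter name, term names and probe packets are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str        # term name (made up for this sketch)
    source: str      # trusted source network, CIDR
    protocol: str
    port: int        # destination port

# The two rules from the answer's example.
RULES = [Rule("ssh-mgmt", "192.2.0.0/24", "tcp", 22),
         Rule("rdp-mgmt", "192.2.100.0/24", "tcp", 3389)]

def evaluate(rules, src_ip, protocol, port):
    """First match wins; unmatched traffic is discarded (default deny)."""
    addr = ipaddress.ip_address(src_ip)
    for r in rules:
        if (addr in ipaddress.ip_network(r.source)
                and protocol == r.protocol and port == r.port):
            return "accept", r.name
    return "discard", None

def to_junos(rules, filter_name="MGMT-IN"):
    """Render the rules as Junos set commands (filter name is an assumption)."""
    base = f"set firewall family inet filter {filter_name} term"
    lines = []
    for r in rules:
        clauses = (f"from source-address {r.source}", f"from protocol {r.protocol}",
                   f"from destination-port {r.port}", "then accept")
        lines += [f"{base} {r.name} {c}" for c in clauses]
    lines.append(f"{base} default-deny then discard")
    return lines

# Constructed probes: (source, protocol, port, verdict the policy expects).
PROBES = [
    ("192.2.0.10", "tcp", 22, "accept"),
    ("192.2.100.7", "tcp", 3389, "accept"),
    ("192.2.0.10", "tcp", 3389, "discard"),   # SSH network is not granted RDP
    ("198.51.100.5", "tcp", 22, "discard"),   # source outside both networks
]

def audit(rules, probes):
    """Return the probes whose verdict differs from what the policy expects."""
    return [p for p in probes if evaluate(rules, *p[:3])[0] != p[3]]

if __name__ == "__main__":
    print("\n".join(to_junos(RULES)))
    print("policy mismatches:", audit(RULES, PROBES))
```

An empty mismatch list means the rules enforce the policy for every probe, including the negative cases a rule review tends to skip.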