Firewall & Security

RansNet devices include a stateful firewall, web content filtering, and integrated logging — providing perimeter security, access control, and visibility at every site without requiring separate appliances. Security policies are managed centrally through mfusion and pushed to devices, so a consistent posture can be enforced across the entire fleet.

All security configuration is accessible under Device Settings → Security in the mfusion management interface, or via the CLI on each device.


Security Capabilities

Stateful Firewall

The firewall inspects traffic by connection state and enforces rules across three policy chains:

  • Input — Traffic destined to the device itself (management access such as GUI, SSH, RADIUS).
  • Access — Traffic passing through the device between zones/interfaces (the main forwarding policy).
  • SNAT/DNAT — Source and destination NAT for outbound masquerading and inbound port forwarding.

Rules are evaluated in order by policy ID, with named objects and reusable templates to keep large rule sets manageable.

Web Filtering

DNS-based web content filtering blocks access to malicious, inappropriate, or policy-violating domains. This protects users from phishing and malware and helps enforce acceptable-use policies on guest and corporate networks alike.

Logging and Flow Collection

Devices can forward firewall logs and NetFlow records to a collector for retention, audit, and analysis — supporting security investigation, compliance reporting, and dispute resolution.


In This Section

| Topic | Description |
|---|---|
| Firewall Overview | Firewall architecture — input, access, and NAT policy chains and how rules are evaluated |
| Firewall Policies | Creating and ordering permit/deny rules across the policy chains |
| Firewall Objects | Reusable address, service, and group objects referenced by rules |
| Firewall Templates | Standardized rule sets pushed to many devices for a consistent posture |
| Web Filtering | DNS-based content filtering to block malicious or policy-violating domains |
| Log Collector | Centralized collection and retention of device security logs |
| NetFlow Collector | Collecting NetFlow records for traffic analysis and security investigation |

Best Practices

  • Never expose management services to WAN — Keep GUI and SSH access restricted to LAN or the management interface.
  • Default-deny on forwarding — Permit only the traffic each network actually needs across the access chain.
  • Use objects and templates — Reference reusable objects and apply templates so policy changes propagate consistently across the fleet.
  • Device hardening — For comprehensive hardening beyond firewall rules, see Device Hardening.
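
The first two best practices above can be checked mechanically. The following is an added example, not RansNet or mfusion code: a Python audit over a constructed rule list ordered by policy ID. The rule schema, the ports used for SSH and the GUI, first-match-wins evaluation, and the requirement for an explicit final deny are all assumptions made for illustration.

```python
# Constructed, hypothetical rule schema; not the mfusion export format.
MGMT_PORTS = {22: "SSH", 443: "GUI"}  # assumed ports for the management services

RULES = [  # constructed sample policy, deliberately listed out of order
    {"id": 30, "chain": "input", "action": "deny", "src": "any", "port": None},
    {"id": 10, "chain": "input", "action": "permit", "src": "lan", "port": 22},
    {"id": 20, "chain": "input", "action": "permit", "src": "any", "port": 443},
    {"id": 10, "chain": "access", "action": "permit", "src": "lan", "port": 443},
    {"id": 20, "chain": "access", "action": "permit", "src": "guest", "port": None},
]

def chain_rules(rules, chain):
    """Rules of one chain in evaluation order (ascending policy ID)."""
    return sorted((r for r in rules if r["chain"] == chain), key=lambda r: r["id"])

def first_match(rules, chain, src, port):
    """First rule matching the flow, assuming first-match-wins evaluation."""
    for r in chain_rules(rules, chain):
        # "any" matches every source zone, None matches every port.
        if r["src"] in (src, "any") and r["port"] in (port, None):
            return r
    return None

def audit(rules):
    """Return findings for the WAN-management and default-deny best practices."""
    findings = []
    # Best practice 1: no management service reachable from WAN on the input chain.
    for port, name in MGMT_PORTS.items():
        hit = first_match(rules, "input", "wan", port)
        if hit and hit["action"] == "permit":
            findings.append(f"input: policy {hit['id']} exposes {name} to WAN")
    # Best practice 2: the access chain must end in a catch-all deny.
    access = chain_rules(rules, "access")
    last = access[-1] if access else None
    if not (last and last["action"] == "deny"
            and last["src"] == "any" and last["port"] is None):
        findings.append("access: no catch-all deny as the final policy")
    return findings

if __name__ == "__main__":
    for line in audit(RULES):
        print(line)
```

In the sample, SSH stays closed to WAN because policy 10 is scoped to the LAN and policy 30 denies the rest, while policy 20 opens the GUI to any source before that deny is reached.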