Firewall
The fundamental functionality of Crystal Eye’s Firewall application is to block all incoming attacks from external sources on the internal network or LAN. This application page has two sections Allowed Incoming Connections section and Blocked Incoming Connections section. The Allowed Incoming Connections section helps to define inbound connections based on service, port and port range whereas, the later allows administrators to block a particular host from accessing internal networks.
Left-hand Navigation Panel > Security Configuration > Firewall > Firewall  |
|---|
The Firewall application has distinctive functionalities to allow specific incoming connections. The Crystal Eye administrator has the leverage to allow incoming connections based on Services, Ports and Port Ranges. Once a particular service, port or port range is allowed it can also be disabled or deleted.
There is a range of services related protocols that can be allowed to access Crystal Eye networks. For example if you have enabled FTP service using this feature you will essentially be able to access a FTP server in CE networks from outside. By using ‘Allow Inbound Service Based Connections’ the CE administrator can open ports for particular service.
How to Allow Incoming Connections Based on Service?
Step 1: In the Firewall application page, click the Add button dropdown and select Add by: Service.
Step 2: Select the desired service from the Service dropdown and click Add.
The Allow Inbound Port Based Connections feature of the Firewall application is used to specify certain specific ports to be opened for selective services. Apart from allowing inbound traffic by selecting the service name, the CE administrator can also have customized ports assigned to services and open them.
How to Allow Incoming Connections Based on Port?
Step 1: In the Firewall application page, click the Add dropdown and select Add by: Port.
Step 2: Enter the nickname of the port in the Nickname box.
Step 3: Select the desired protocol for which you want to allow connections from the Protocol dropdown in the Port section. 
Note: The Protocol dropdown has three options namely, TCP, UDP and TCP & UDP.
Step 4: Enter the port number in the Port box and click the Add button.
There could be instances when an administrator might require access to multiple ports. For example, if VoIP needs to be accessible from outside Crystal Eye networks. In such cases, the Allow Inbound Port Range Based Connections feature of the application can be used to open multiple ports.
How to Allow Incoming Connections Based on Port Range?
Step 1: In the Firewall application page, click the Add dropdown and select Add by: Port Range.
Step 2: Enter the nickname of the port in the Nickname box.
Step 3: Select the desired protocol for which you want to allow connections from the Protocol dropdown in the Port Range section. 
Step 4: Enter the Port Range in the From box and To Box. Now, click the Add button.
The Block Incoming Connections feature of the application play an important role in blocking incoming connections. The administrator can block by specifying the IP or host.
How to Block Incoming Connections?
Step 1: In the Firewall application page, click the Add button in Blocked Incoming Connections section.
Step 2: Enter the nickname and host IP in the Nickname box and Host box and click the Add button.