Comprehensive data protection for all workloads
Post Reply
cosmik
Enthusiast
Posts: 83
Liked: 10 times
Joined: Jan 23, 2021 10:14 am
Full Name: Michael Pappas
Contact:

Encrypting network traffic: is direction significant?

Post by cosmik »

I've got two branches on my installation, A (main) and B (remote). Additionally:
* both branches are in private RFC1918 address changes, connected to each other
* connection between the sites is not over a tunnel, ie not secured
* I am doing backup copy jobs from VMs on site A to repos on B and vice versa

With the default network traffic rules, both types of traffic (from A -> B and B -> A) would be unencrypted.

Now there is the option of adding global network traffic rule(s). Looking at the dialog box caption it seems to me that the rule affects single-directional traffic (ie either A->B or B->A; not both). Is that correct?

If these rules are single-direction, then I have to create two rules, one for each direction. If not, a single rule will suffice...
HannesK
Product Manager
Posts: 15598
Liked: 3445 times
Joined: Sep 01, 2014 11:46 am
Full Name: Hannes Kasparick
Location: Austria
Contact:

Re: Encrypting network traffic: is direction significant?

Post by HannesK »

Hello,
network traffic rules are bi-directional. Maybe we should rename the labels to "Network A" and "Network B" :-)
user guide wrote:Note that the rules are reversible. The rule from the example will also apply to the specified components if you swap the ranges: make 192.168.0.1–192.168.0.255 the target range and 172.16.0.1–172.16.0.255 the source range.
Best regards,
Hannes
cosmik
Enthusiast
Posts: 83
Liked: 10 times
Joined: Jan 23, 2021 10:14 am
Full Name: Michael Pappas
Contact:

Re: Encrypting network traffic: is direction significant?

Post by cosmik »

Thanks for the info!
cosmik
Enthusiast
Posts: 83
Liked: 10 times
Joined: Jan 23, 2021 10:14 am
Full Name: Michael Pappas
Contact:

Re: Encrypting network traffic: is direction significant?

Post by cosmik »

HannesK wrote: Jul 19, 2022 11:14 am Hello,
network traffic rules are bi-directional. Maybe we should rename the labels to "Network A" and "Network B" :-)
Just got at work and had a chance to check the BR gui. The add new network traffic rule uses the terms "Source IP address range" and "Target IP address range:". Which, in my book, marks the rules as uni-directional. ;)

Network A and B would be rather ludicrous (lol), but the dialog could be something like "traffic between these networks xxxxx and xxxxx will be [ ]encrypted [ ]throttled."

I'm awesome in GUI design :p
Post Reply

Who is online

Users browsing this forum: Baidu [Spider], Semrush [Bot] and 4 guests