Encrypting network traffic: is direction significant?

[cosmik]

I've got two branches on my installation, A (main) and B (remote). Additionally:
* both branches are in private RFC1918 address changes, connected to each other
* connection between the sites is not over a tunnel, ie not secured
* I am doing backup copy jobs from VMs on site A to repos on B and vice versa

With the default network traffic rules, both types of traffic (from A -> B and B -> A) would be unencrypted.

Now there is the option of adding global network traffic rule(s). Looking at the dialog box caption it seems to me that the rule affects single-directional traffic (ie either A->B or B->A; not both). Is that correct?

If these rules are single-direction, then I have to create two rules, one for each direction. If not, a single rule will suffice...

[HannesK]

Hello,
network traffic rules are bi-directional. Maybe we should rename the labels to "Network A" and "Network B"

Note that the rules are reversible. The rule from the example will also apply to the specified components if you swap the ranges: make 192.168.0.1–192.168.0.255 the target range and 172.16.0.1–172.16.0.255 the source range.

Best regards,
Hannes

[cosmik]

Thanks for the info!

[cosmik]

Hello,
network traffic rules are bi-directional. Maybe we should rename the labels to "Network A" and "Network B"

Just got at work and had a chance to check the BR gui. The add new network traffic rule uses the terms "Source IP address range" and "Target IP address range:". Which, in my book, marks the rules as uni-directional.

Network A and B would be rather ludicrous (lol), but the dialog could be something like "traffic between these networks xxxxx and xxxxx will be [ ]encrypted [ ]throttled."

I'm awesome in GUI design :p