How do I create a Group Bridging Rule in the New Firewall?

Article #: Product: Version:
KB-18 All Inverness onwards


How to create a group bridging rule in the new consolidated Firewall rules page.


By default, authenticated users can access resources within their own, current network zone. You use group bridging rules to allow authenticated users to access specific IP address, IP address ranges or subnets, and services within other, specified network zones.

The Inverness release saw the firewall-related pages in the Smoothwall being consolidated. The previous page for setting up group bridging (Network > Filtering > Group bridging) has been amalgamated into the new firewall page (Network > Firewall > Firewall rules) which determines how traffic is routed through the Smoothwall.


  1. If the user group does not already exist, go to Services > Authentication > Groups and add your group there.
  2. Go to Network > Firewall > Firewall rules.
  3. Create a firewall rule, noting the following:
    • Destination IP addresses — Select the IP addresses this rule forwards matching traffic to.
    • Outbound interfaces — Select the interface matching network traffic is routed through.
    • Services — Select those service objects, previously Ports and Protocols, relevant for this rule.
    • Group — Select the relevant groups for this group bridging rule.
    • Action — From the drop-down list, select Accept.

The above creates a group bridging rule that mirrors the behavior from the pre-Inverness Smoothwalls, that is, control the flow of traffic from the specified group destined for the specified IP addresses.

Tip: Firewall rules are applied in a top-down approach. Move this rule above any block rules you have in place.

With the new consolidated firewall, you can also:

  • Specify the Source IP addresses to match traffic originating from those specified. Leave this parameter blank to match traffic coming from all IP addresses.
  • If using an IP address range or subnet for Source IP address or Destination IP address you can exclude IP addresses in that range from matching the group bridging rule.
  • Specify the Inbound interfaces to match traffic originating from those interfaces. Leave this parameter blank to match traffic coming from any interface, or combine this parameter with Source IP addresses to match traffic using the interface but only if it originates from those addresses.
  • Specify the Applications (Apps) that are used by the matching network traffic. Leave this parameter blank to match traffic from any application.
  • Choose whether to Log matching traffic to the Firewall log.
  • Choose whether to drop or reject (Action) all matching network traffic

For a detailed description of how to create and manage firewall rules, go to

See Also


Last updated: Author: Contributions by:
09th March 2017 Samantha Nair