A trusted network is one that is given access to various NetManager resources such as:
- Access to web-proxy
- Open access to webpages (see "Controlling access to webpages" for more details).
- Sending mail via SMTP
- Ability to update DNS records
- Ability to send network traffic through the firewall (not if the firewall is set to filter in and out; see below).
By default, all local network ranges that are directly configured on the NetManager are trusted (this includes all VPN clients too). The exception to this is if your default gateway is on a separate network from your internal network (i.e. the NetManager is routing traffic and you are using NAT). In this situation, the gateway network will not be trusted unless explicitly enabled (referred to as "Allow access to gateway network" in the CLI menu).
If your firewall is set to filter both inbound and outbound traffic (a.k.a. paranoid mode), then trusted networks will only be able to access the NetManager resources rather than route traffic through it to other resources (such as external webservers or mail servers). In paranoid mode, if you want to send network traffic through the NetManager, you will need to explicitly allow this in your firewall rules.
The list of trusted networks may need to be altered if your internal network is more complex, for example if there is another network range that is not directly configured on the NetManager, such as a number of VLANs reached via a layer 3 switch. When you set up routes to other networks, you can choose whether or not they are trusted.
There is an overall list of trusted networks, as well as the ability to configure additional trusted networks for different services. N.B. Configured trusted networks are in addition to the ones automatically determined from the locally configured networks.
In addition, you can configure Untrusted Networks from which access will be denied. This is useful if you only have administrative control over a subnet of the whole network. It is also useful to provide more specific filtering to an attached VLAN such as a guest wifi network.
The list of trusted and untrusted networks can be configured using webadmin.
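The rules above can be modelled to check a planned set of ranges before entering it in webadmin. This is an added sketch, not NetManager code: the configuration keys, the address ranges and the rule that an untrusted entry overrides a trusted range containing it are all assumptions.

```python
import ipaddress

# Constructed sample configuration; every key name and range here is hypothetical.
CONFIG = {
    "local_networks": ["192.168.1.0/24", "10.8.0.0/24"],  # directly configured ranges, VPN clients included
    "gateway_network": "172.16.0.0/30",   # separate network holding the default gateway (NAT case)
    "allow_gateway_network": False,       # models "Allow access to gateway network"
    "trusted": ["192.168.0.0/16"],        # overall list, e.g. VLANs behind a layer 3 switch
    "service_trusted": {"smtp": ["10.20.0.0/24"]},  # additional per-service entries
    "untrusted": ["192.168.50.0/24"],     # e.g. a guest wifi VLAN
    "paranoid": True,                     # firewall filters both in and out
}

def _contains(ranges, ip):
    return any(ip in ipaddress.ip_network(r) for r in ranges)

def is_trusted(cfg, source, service=None):
    """Return True if `source` would be trusted, optionally for one service."""
    ip = ipaddress.ip_address(source)
    # Assumption: an untrusted entry overrides any trusted range containing it.
    if _contains(cfg["untrusted"], ip):
        return False
    ranges = list(cfg["local_networks"]) + list(cfg["trusted"])
    if cfg["allow_gateway_network"]:
        ranges.append(cfg["gateway_network"])
    if service is not None:
        ranges += cfg["service_trusted"].get(service, [])
    return _contains(ranges, ip)

def may_route_through(cfg, source):
    """Trust alone permits forwarding only when the firewall is not in paranoid mode."""
    return is_trusted(cfg, source) and not cfg["paranoid"]

def audit(cfg, sources, service=None):
    """Map each source address to its trust decision for review before deployment."""
    return {s: is_trusted(cfg, s, service) for s in sources}

if __name__ == "__main__":
    for addr, ok in audit(CONFIG, ["192.168.1.10", "192.168.50.7", "172.16.0.1"]).items():
        print(f"{addr:15} trusted={ok}")
```

In the sample, the guest VLAN address is denied even though it falls inside the broader trusted 192.168.0.0/16 range, which is the case worth checking whenever a wide trusted range is added.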