By default, firewall has only one rule #NOUSER#. It either forbids everything that is not allowed or allows everything that is not forbidden. It depends on the action selected (Pass or Block). By default, Pass is selected. If you enable Block and Pass simultaneously in #NOUSER# rule, then no traffic will go through except the traffic through NAT and through ports open in Port Mapping and Proxy Settings (HTTP, FTP, Socks proxy) in UserGate .
The ports specified in the proxy settings (Proxy Settings - HTTP, FTP, Socks), as well as the ports specified in Port Mapping are included into the automatically generated firewall rules (type auto). Port TCP 2345, which is used by UserGate Administrator for connecting to UserGate Server, is also included in the auto rules.
To illustrate firewall setup we have enabled HTTP and Socks proxy in UserGate (8080 and 1080 TCP) and set up two port mappings (8025 and 8110 TCP). Port 2345 TCP is used by UserGate Administrator ( illustration).