Firewall
Configuring Firewall Rules to Control Inbound and Outbound Traffic
Cisco ISA500 Series Integrated Security Appliances Administration Guide
206
6
Default Firewall Settings
By default, the firewall prevents all traffic from a lower security zone to a higher
security zone (commonly known as Inbound) and allows all traffic from a higher
security zone to a lower security zone (commonly known as Outbound).
For example, all traffic from the LAN (trusted zone) to the WAN (untrusted zone) is
permitted, and traffic from the WAN (untrusted zone) to the DMZ (public zone) is
blocked.
When you create a new zone, such as a Data zone, firewall rules are automatically
generated to permit or block traffic between that zone and other zones, based on
the security levels for the
From
and
To
zones.
The following table displays the default access control settings for traffic between
the zones in the same or different security levels.
If you want to alter the default behaviors—for example, allowing some inbound
access to your network (WAN to LAN) or blocking some outbound traffic from your
network (LAN to WAN)—you must create firewall rules.
Use the Default Policies page to view the default firewall behaviors for all
predefined zones and new zones.
STEP 1
Click
Firewall > Access Control > Default Policies
.
STEP 2
Click the triangle to expand or contract the default access control settings for a
specific zone. The following behaviors are defined for all predefined zones.
From/To
Trusted(100)
VPN(75)
Public(50)
Guest(25)
Untrusted(0)
Trusted(100)
Deny
Permit
Permit
Permit
Permit
VPN(75)
Deny
Deny
Permit
Permit
Permit
Public(50)
Deny
Deny
Deny
Permit
Permit
Guest(25)
Deny
Deny
Deny
Deny
Permit
Untrusted(0)
Deny
Deny
Deny
Deny
Deny
From/To
LAN
VOICE
VPN
SSLVPN
DMZ
GUEST
WAN
LAN
N/A
Deny
Permit
Permit
Permit
Permit
Permit