Use the setup wizard to make sure that the external address and external gateway of the firewall have been
properly set to your Internet Service Provider's (ISP) specifications. If there is no discrepancy, it would be a
good idea to double check with your ISP that they have provided you with the correct information.
Q: I am having problems setting up my policies. I cannot add source or destination addresses to
policies.
When setting up policies, it is important to remember that new addresses cannot be entered into the
Destination or Source fields. New addresses must be added to the firewall address lists. The choices under
the Destination and Source menus come directly from the address lists. See
.
Q: I want to set up an incoming policy for an FTP server on my internal network.
Providing access to servers on your internal network is explained in the following sections:
·
NAT mode policy for public access to a server
.
·
Route mode policy for public access to a server
.
·
Transparent mode policy for public access to a server
.
Q: I want to connect to a TELNET/FTP/WEB server across the Internet. If I set the outgoing policy
service field to TELNET/FTP/HTTP, I can't connect.
Try setting the service to ANY. Settings for individual services assume that the standard port for that service
is being used, and only traffic addressed to that port is allowed through. If you are using a non-standard port,
setting individual services will not work. ANY allows traffic to go to all ports.
Schedules
Q: I need a schedule that will allow access to the Internet overnight, from 9:00 pm to 9:00 am. How
can I do this?
Create a recurring schedule with a start time of 9:00 pm and a stop time of 9:00 am. If the stop time is set
earlier than the start time, the stop time will be during next day.
VPN
Q: The client to subnet configuration was working, but now it has shut down and I can't recover it.
How do I get it back again?
This happens when the tunnel is down and the client software thinks it is still connected. To recover you must
disconnect at the client end.
Q. Why can't I bring up the connection in the case of subnet to subnet configuration?
First check that you have set up the proper IPSec policy for this connection. If you have, check that the
authentication keys are the same on the local and remote IPSec gateways. Also check that the remote
gateway address is correct.
Virus protection
Q: I am worried about viruses so I set the Antivirus options to block. Now people are complaining that
some files that they need are blocked.
When antivirus protection for HTTP or any of the email protocols is set to block, potentially dangerous file
types are blocked. Under normal conditions, antivirus protection can safely be set to scam. Block should only
be used in extreme circumstances when a new virus has been found.
Q: A new virus is spreading through the Internet. What should I do?
DFL-500 User Manual
132