Note: Changing policy modes between interfaces resets firewall policies and addresses and IPSec VPN policies.
To change the policy mode between the internal and external interface using the web-based manager:
· Go to Firewall > Mode.
· Select the mode for connections between the internal and external interface.
Select NAT to change the policy mode to NAT mode. Select Route to change the policy mode to route mode.
· Click Apply.
Adding policies
Add security policies to control connections and traffic between DFL-500 interfaces. The first step to adding a
policy is to select a policy list. There are 2 policy lists:
Int to Ext
Policies for connections from the internal network to the external network (the Internet).
Ext to Int
Policies for connections from the external network to the internal network.
Once you have chosen the policy list, you can add policies to control connections. You must arrange policies
in the policy list so that they have the results that you expect.
Use the following procedures to add policies:
· Ordering policies in policy lists
Adding route mode policies
When the firewall is running in Transparent mode, all policies are route mode policies. When the firewall is
running in NAT/Route mode, policies are route mode policies when the policy mode between two interfaces is
set to route mode.
To add a route mode policy:
· Go to Firewall > Policy.
· Select a policy list tab.
· Click New to add a new policy.
You can also select Insert Policy before on a policy in the list to add the new policy above a specific policy.
· Configure the policy.
Source
An address that matches the source address of the packet. This can be a single IP address or an address
range. Before you can add this address to a policy, you must add it to the source interface. This address
must be a valid IP address for the network connected to the source interface. See
Destination
An address that matches the destination address of the packet. This can be a single IP address or an
address range. Before you can add this address to a policy, you must add it to the destination interface.
This address must be a valid IP address for the network connected to the destination interface. See
Schedule
A schedule that controls when this policy is active. During the time that the schedule is valid the policy is
available to be matched with connections. See
.
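The following added example (not part of the DFL-500 manual) illustrates why policy order matters, using the Source, Destination and Schedule match fields described above. It assumes the policy list is evaluated from the top and the first matching policy is applied, which this page does not state. The policy names, addresses and the hour-based schedule model are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address as IP

@dataclass(frozen=True)
class Policy:
    name: str
    src: tuple    # (first, last) source address range, inclusive
    dst: tuple    # (first, last) destination address range, inclusive
    hours: tuple  # (start, end) schedule as hours of the day, end exclusive

def rng(first, last=None):
    """Single address or inclusive address range, stored as integers."""
    return (int(IP(first)), int(IP(last or first)))

def covers(outer, inner):
    """True when interval `outer` contains all of interval `inner`."""
    return outer[0] <= inner[0] and inner[1] <= outer[1]

def matches(p, src, dst, hour):
    s, d = int(IP(src)), int(IP(dst))
    return (p.src[0] <= s <= p.src[1] and p.dst[0] <= d <= p.dst[1]
            and p.hours[0] <= hour < p.hours[1])

def first_match(policies, src, dst, hour):
    """Name of the first policy in list order that matches, else None."""
    return next((p.name for p in policies if matches(p, src, dst, hour)), None)

def shadowed(policies):
    """(earlier, later) pairs where `later` can never be the first match."""
    out = []
    for i, later in enumerate(policies):
        for earlier in policies[:i]:
            if (covers(earlier.src, later.src) and covers(earlier.dst, later.dst)
                    and covers(earlier.hours, later.hours)):
                out.append((earlier.name, later.name))
                break
    return out

# Constructed sample Int to Ext list (names and addresses are made up).
ANY = rng("0.0.0.0", "255.255.255.255")
INT_TO_EXT = [
    Policy("lan-any-always", rng("192.168.1.1", "192.168.1.254"), ANY, (0, 24)),
    Policy("kiosk-office-hours", rng("192.168.1.50"), ANY, (9, 17)),
    Policy("guest-evening", rng("192.168.2.10", "192.168.2.20"), ANY, (17, 22)),
]

if __name__ == "__main__":
    print(shadowed(INT_TO_EXT))
    print(first_match(INT_TO_EXT, "192.168.1.50", "203.0.113.7", 10))
```

In the sample list the narrower kiosk policy sits below a broader policy that covers its source, destination and schedule, so it is never reached; moving it above the broader policy removes the shadowing.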
DFL-500 User Manual