Using a schedule to deny access
The following example procedure to periodically deny access to a public web server to allow for regular
maintenance is similar to any procedure to deny a connection that would otherwise be accepted by an
existing policy. In this example, the DFL-500 is running in NAT/Route mode.
To use a schedule to deny access:
·
Add a schedule for the time period during which you want to deny access.
See
.
·
Go to
Firewall > Policy
.
·
Select the tab containing the policy to which you want to deny access.
·
Select Insert Policy Before
for the policy to block.
·
Configure the new policy to match the policy to block with the following exceptions:
·
Select the schedule that you added in step
Add a schedule for the time period during which you want
·
Set Action to DENY.
·
Select OK to save the policy.
You must add the deny policy above the accept policy in the policy list. For more information, see
and
Ordering policies in policy lists
.
Example policy to use a schedule to deny access
Denying connections to the Internet
Policies that deny connections to the Internet from the internal network restrict the full access to the Internet
granted by the default policy.
You can deny connections:
·
From addresses on the internal network
·
To addresses on the Internet
·
To specific services
·
According to one-time or recurring schedules
The following example procedure to prevent all users on the internal network from using POP3 to connect to
an email server on the Internet is similar to any procedure to deny a connection that would otherwise be
accepted by the default policy. In this example, the DFL-500 is running in NAT/Route mode.
To deny a connection to the Internet:
·
Go to
Firewall > Policy > Int to Ext
.
If it has not been removed, the default policy should be in this policy list.
DFL-500 User Manual
50