FWX120 Operation Manual
83
4
Enhancing security
Passing only necessary packets through a dynamic
filter (policy filter)
(Continued from the previous page)
Managing multiple
policy sets
You can create up to three sets of policy lists (policy
sets). You can first create one policy set for use
in normal operation and another for emergency
situations that can allow only minimum required
connections. These policy sets are useful in cases
when you want to change policies quickly enough
to suit your situation.
Add a policy set
In the “Configure policy set” screen, you can add
a policy set.
For more details on the settings, click “Help” on the
setup screen and refer to the description displayed.
To open the “Configure policy set” screen
From “Basic configuration page”, click the buttons
on the setup screen in the following order:
“Advanced settings” in the top page
“Configure” in “Configure policy filter”
“Execute” of the interface for which you want to
view the policy filter
(Click “Execute” of “Configure and view status
of IPv4 policy filter” if IPv4 addresses are used
for connection, or “Execute” of “Configure and
view status of IPv6 policy filter” if IPv6 addresses
are used.)
“Add” in “List of policy set”
To specify a level in the hierarchy to
add a policy
In the “Configure and view the status of policy filter”
screen, you can create a filter so that a policy in a
child level narrows down the criteria in the parent
policy (up to the depth of four levels).
This usage is useful if you want to add an
exceptional policy that narrows down the criteria.
For example, you can allow WWW access, while
adding exceptional criteria (which denies traffic if
the source IP address is 172.16.0.1) to the child
level.
Adding a policy to the same level
On the row immediately above the row to which
you want to add a policy, click
and then select
“Add to parallel”.
When you finish configuring the policy in the
“Configure policy filter” screen, the configured
policy is added to the row immediately below where
you clicked
, at the same level.
NOTE
If added in this way, a policy is added to the same level
and therefore does not work as a criteria-narrowing
filter.
Adding a policy to the child level
On the row of the policy of which you want to add
a policy to the child level, click
and then select
“Add to under”.
When you finish configuring the policy in the
“Configure policy filter” screen, the configured
policy is added to the row immediately below where
you clicked
, at the child level.