158
C
HAPTER
11: A
DMINISTRATION AND
A
DVANCED
O
PERATIONS
■
Does this rule conflict with any existing rules?
Once you have answered these questions, to add rules you type the
information into the correct boxes in the
Policy Rules
window.
a
Action
Select the
Allow
or
Deny
option button depending on the intent of
the rule, as defined by item 2 in the “Using Network Access Policy
Rules” on page 157.
b
Service
From the
Service
menu, select the IP protocol, as defined by item 4 in
the “Using Network Access Policy Rules” on page 157. If the protocol
is not listed, it is necessary to first define it in the
Add Service
window.
c
Source
There are three parameters to configure for the
Source
item.
■
Select the Network Access Rule’s source port,
LAN
,
WAN
, or
DMZ
,
if appropriate, from the
Ethernet
menu.
■
If there are IP address restrictions on the source of the traffic, such
as keeping competitors off the company’s Web site, type the
starting and ending IP addresses of the range in the
Addr. Range
Begin
and
Addr. Range End
, respectively.
■
If all IP addresses are affected, type
*
in the
Addr. Range Begin
box.
d
Destination
There are three parameters to configure for the
Destination
item.
■
Select the Network Access Rule’s destination port,
LAN
,
WAN
, or
DMZ
, if appropriate, from the
Ethernet
menu.
■
If there are IP address restrictions on the destination of the traffic,
such as limiting Telnet to a remote site, type the starting and
ending IP addresses of the range in the
Addr. Range Begin
and
Addr. Range End
, respectively.
■
If all IP addresses are affected, type
*
in the
Addr. Range Begin
box.
Understanding the
Rule Hierarchy
The rule hierarchy has two basic concepts:
■
Specific rules override general rules.
■
Equally specific Deny rules override Allow rules.
DUA1611-0AAA02.book Page 158 Thursday, August 2, 2001 4:01 PM
Содержание 3C16111 - SuperStack 3 Firewall Web Site Filter
Страница 18: ...18 DUA1611 0AAA02 book Page 18 Thursday August 2 2001 4 01 PM ...
Страница 50: ...50 DUA1611 0AAA02 book Page 50 Thursday August 2 2001 4 01 PM ...
Страница 96: ...96 CHAPTER 6 USING THE FIREWALL DIAGNOSTIC TOOLS DUA1611 0AAA02 book Page 96 Thursday August 2 2001 4 01 PM ...
Страница 122: ...122 CHAPTER 8 ADVANCED SETTINGS DUA1611 0AAA02 book Page 122 Thursday August 2 2001 4 01 PM ...
Страница 150: ...150 CHAPTER 10 CONFIGURING HIGH AVAILABILITY DUA1611 0AAA02 book Page 150 Thursday August 2 2001 4 01 PM ...
Страница 152: ...152 DUA1611 0AAA02 book Page 152 Thursday August 2 2001 4 01 PM ...
Страница 166: ...166 CHAPTER 11 ADMINISTRATION AND ADVANCED OPERATIONS DUA1611 0AAA02 book Page 166 Thursday August 2 2001 4 01 PM ...
Страница 174: ...174 DUA1611 0AAA02 book Page 174 Thursday August 2 2001 4 01 PM ...
Страница 178: ...178 CHAPTER 13 TYPES OF ATTACK AND FIREWALL DEFENCES DUA1611 0AAA02 book Page 178 Thursday August 2 2001 4 01 PM ...
Страница 190: ...190 CHAPTER 14 NETWORKING CONCEPTS DUA1611 0AAA02 book Page 190 Thursday August 2 2001 4 01 PM ...
Страница 192: ...192 DUA1611 0AAA02 book Page 192 Thursday August 2 2001 4 01 PM ...
Страница 206: ...206 APPENDIX D TECHNICAL SUPPORT DUA1611 0AAA02 book Page 206 Thursday August 2 2001 4 01 PM ...
Страница 212: ...212 INDEX DUA1611 0AAA02 book Page 212 Thursday August 2 2001 4 01 PM ...
Страница 214: ...DUA1611 0AAA02 book Page 214 Thursday August 2 2001 4 01 PM ...