authenticate, will have AAA server-based authorization rules applied, or will be subject to
accounting when connecting to hosts specified in the Source Name/Address column.
Interface—Specifies the interface on which an AAA rule is configured and enforced. This column
always contains the name of an interface on your PIX Firewall, such as "inside," which means this
AAA rule is applied to traffic the PIX Firewall receives from interface "inside."
❍
Service—The destination service. A rule configured to perform AAA on connections from the
specified source hosts to the specified destination hosts using the HTTP protocol over TCP will
perform AAA when HTTP appeared as the destination port in the TCP packets.
❍
Server Group—Specifies the AAA Server Group tag. Options are
and
RADIUS
or a
predefined AAA Server Group defined in System Properties>AAA>AAA Server Groups. To
create new AAA rules, a server group must exist and have one or more servers in it. You can define
servers in System Properties>AAA>AAA Servers and assign them to the appropriate server group.
❍
The Filter Rules option displays the following fields:
#—A number indicating order of evaluation for the rule.
❍
Action—Indicates the action that applies to the given rule type. Options are filter ActiveX, filter
Java applet, filter URL, and do not filter URL.
❍
Source Name/Address—Displays the IP addresses and names of hosts that will have filtering
operations performed when connecting to hosts listed in the Destination Name/Address column.
❍
Destination Name/Address—Displays the IP addresses and names of hosts that will be subject to
filtering operations performed when connecting to hosts listed in the Source Name/Address
column.
❍
Service—The service on which filtering will be performed.
❍
Options
Allow when Websense server is down—If the
Websense
server is down, the PIX Firewall
will allow all web traffic without performing URL filtering.
■
Deny when Websense server is down—If the
Websense
server is down, the PIX Firewall
will deny all web traffic.
■
Apply to PIX—Sends changes made in PDM to the PIX Firewall unit and applies them to the
running configuration.
Reset—Discards changes and reverts the panel to the information displayed when it was opened or
the last time
Refresh
was clicked while open.
❍
How Rules are Organized
This section describes how rules are organized in PDM. This section may cover material that is best
suited for advanced users familiar with the command-line interface (
CLI
), or those configuring a PIX
Firewall with a previous configuration.
Note: You cannot define any access rules until static or dynamic NAT has been configured for the
hosts or networks on which you want to limit traffic.
In PDM, authorization rules must have a corresponding authentication rule.
Содержание PIX 520 - PIX Firewall 520
Страница 45: ...Copyright 2001 Cisco Systems Inc ...
Страница 68: ...Copyright 2001 Cisco Systems Inc ...
Страница 74: ...Copyright 2001 Cisco Systems Inc ...
Страница 87: ...Copyright 2001 Cisco Systems Inc ...
Страница 92: ...Copyright 2001 Cisco Systems Inc ...
Страница 107: ...The panel has these buttons OK Exits the panel Help Provides more information Copyright 2001 Cisco Systems Inc ...
Страница 108: ......
Страница 184: ......
Страница 197: ...Copyright 2001 Cisco Systems Inc ...
Страница 200: ......
Страница 232: ...Copyright 2001 Cisco Systems Inc ...
Страница 246: ...Copyright 2001 Cisco Systems Inc ...