Firewall Configuration
Firewall Rule Configuration Examples
Cisco SA 500 Series Security Appliances Administration Guide
135
5
Blocking Outbound Traffic By Schedule and IP Address Range
Use Case: Block all weekend Internet usage if the request originates from a
specified range of IP addresses.
Solution:
Set up a schedule called “Weekend” to define the time period when the
rule is in effect. Configure an outbound rule that applies to traffic from marketing
group, which has an IP address range of 10.1.1.1 to 10.1.1.100.
Action
ALLOW always
Source Hosts
Address Range
From
132.177.88.2
To
134.177.88.254
Send to Local Server
(DNAT IP)
192.168.75.11
(internal IP address)
Parameter
Value
From Zone
Secure (LAN)
To Zone
INSECURE (Dedicated WAN/Optional
WAN)
Service
HTTP
Action
BLOCK by schedule
Schedule
Weekend
Source Hosts
Address Range
From
10.1.1.1
To
10.1.1.100
Destination Hosts
Any
Parameter
Value