Adding a "Drop All" Policy is Recommended
Scanning of IP rule sets is done in a top-down fashion. If no matching rule set entry is found for traffic then a hidden, implicit default rule is triggered. This rule cannot be changed and its action is to drop all such traffic as well as generate a log message when it is triggered.
In order to gain more control over dropped traffic and its logging, it is recommended to create an explicit "drop all" IP policy as the last entry in the main IP rule set. This policy has both the source and destination network set to all-nets and both the source and destination interface set to any. The service would be set to all_services in order to trigger on all traffic types.
The following command defines an explicit "drop all" policy with logging disabled:
Device:/> add IPPolicy Name=drop_all
    SourceInterface=any
    SourceNetwork=all-nets
    DestinationInterface=any
    DestinationNetwork=all-nets
    Service=all_services
    Action=Deny
    LogEnabled=No
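The following is an added example, not part of the Clavister guide or of cOS Core: a simplified Python model of the top-down scan described above, with a check that the explicit drop-all policy really is the last entry. It assumes objects match by name or wildcard only, and the names lan, wan, lan_net, internet, http and telnet are constructed sample values.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    name: str
    src_if: str
    src_net: str
    dst_if: str
    dst_net: str
    service: str
    action: str
    log: bool

# The hidden rule from the text: cannot be changed, drops and always logs.
IMPLICIT = Policy("implicit_default", "any", "all-nets", "any", "all-nets",
                  "all_services", "Deny", True)
WILDCARDS = {"src_if": "any", "dst_if": "any", "src_net": "all-nets",
             "dst_net": "all-nets", "service": "all_services"}

def matches(p, pkt):
    # Simplification (assumption): objects match by name or wildcard,
    # not by real IP range or port containment.
    return all(getattr(p, f) in (w, pkt[f]) for f, w in WILDCARDS.items())

def evaluate(rules, pkt):
    """Top-down scan: first match wins, else the implicit default rule."""
    return next((p for p in rules if matches(p, pkt)), IMPLICIT)

def is_drop_all(p):
    return p.action == "Deny" and all(getattr(p, f) == w for f, w in WILDCARDS.items())

def audit(rules):
    """Return findings about the placement of the explicit drop-all policy."""
    pos = next((i for i, p in enumerate(rules) if is_drop_all(p)), None)
    if pos is None:
        return ["no explicit drop-all: unmatched traffic hits the implicit rule"]
    # Anything below a drop-all can never be reached by the top-down scan.
    return [f"unreachable after {rules[pos].name}: {p.name}" for p in rules[pos + 1:]]

# Constructed sample rule set and packets (all names below are made up).
ALLOW_WEB = Policy("allow_web", "lan", "lan_net", "wan", "all-nets", "http", "Allow", True)
DROP_ALL = Policy("drop_all", "any", "all-nets", "any", "all-nets", "all_services", "Deny", False)
WEB = dict(src_if="lan", src_net="lan_net", dst_if="wan", dst_net="internet", service="http")
TELNET = dict(src_if="wan", src_net="internet", dst_if="lan", dst_net="lan_net", service="telnet")

if __name__ == "__main__":
    for rules in ([ALLOW_WEB, DROP_ALL], [ALLOW_WEB], [DROP_ALL, ALLOW_WEB]):
        hit = evaluate(rules, TELNET)
        print([p.name for p in rules], "->", hit.name, "log:", hit.log, audit(rules))
```

An empty list from audit() means the drop-all is the final entry, so the implicit default rule and its fixed logging are never reached.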
A Valid License Should Be Installed
Lastly, a valid license should be installed to remove the cOS Core 2 hour demo mode limitation. Without a license installed, cOS Core will have full functionality during the 2 hour period following startup, but after that, only management access will be possible. Installing a license is described in Section 4.5, “License Installation”.
Clavister NetWall 100 Series Getting Started Guide, Chapter 4: cOS Core Configuration