Roles and Policies
15.1 Firewall Policies
SCALANCE W1750D UI
Configuration Manual, 02/2018, C79000-G8976-C451-02
5. To configure a rule to control access to network services, select Network under service category and specify the following parameters:
Service Category    Description

Network
    Select a service from the list of available services. You can allow or deny access to any or all of the services based on your requirement:
    • any—Access is allowed or denied to all services.
    • custom—Available options are TCP, UDP, and Other. If you select the TCP or UDP options, enter appropriate port numbers. If you select the Other option, enter the appropriate ID.
    NOTE: If Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) use the same port, ensure that you configure separate access rules to permit or deny access.

Action
    Select any of the following actions:
    • Select Allow to allow access to users based on the access rule.
    • Select Deny to deny access to users based on the access rule.
    • Select Destination-NAT to allow making changes to the destination IP address.
    • Select Source-NAT to allow making changes to the source IP address.
    Default: All client traffic is directed to the default VLAN.
    Tunnel: The traffic from the Network Assigned clients is directed to the VPN tunnel.
    VLAN: Specify the non-default VLAN ID to which the guest traffic needs to be redirected.

Destination
    Select a destination option for the access rules for network services, applications, and application categories. You can allow or deny access to any of the following destinations based on your requirements.
    • to all destinations—Access is allowed or denied to all destinations.
    • to a particular server—Access is allowed or denied to a particular server. After selecting this option, specify the IP address of the destination server.
    • except to a particular server—Access is allowed or denied to servers other than the specified server. After selecting this option, specify the IP address of the destination server.
    • to a network—Access is allowed or denied to a network. After selecting this option, specify the IP address and netmask for the destination network.
    • except to a network—Access is allowed or denied to networks other than the specified network. After selecting this option, specify the IP address and netmask of the destination network.
    • to domain name—Access is allowed or denied to the specified domains. After selecting this option, specify the domain name in the Domain Name text box.

Log
    Select the Log check box if you want a log entry to be created when this rule is triggered. SCALANCE W supports firewall-based logging. Firewall logs on the APs are generated as security logs.
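
The NOTE in the Network row is easy to miss when reviewing a rule set: a custom TCP rule does nothing for the same port on UDP. The following check is an added example, not code from the manual or the device. The Rule model, the list of dual-transport ports and the sample rules are assumptions made for illustration, and destinations are compared by exact match only.

```python
from dataclasses import dataclass

# Ports the operator knows carry one service over both TCP and UDP (assumed list).
DUAL_TRANSPORT_PORTS = {53: "DNS", 88: "Kerberos"}

@dataclass(frozen=True)
class Rule:
    """Hypothetical model of one 'Network' access rule from the table above."""
    service: str      # "any" or "custom"
    protocol: str     # "tcp", "udp" or "other" (ignored when service == "any")
    ports: range      # port numbers entered for TCP/UDP
    action: str       # "allow" or "deny"
    destination: str  # e.g. "all", "server 192.0.2.10"

def covers(rule, protocol, port, action, destination):
    """True if rule applies the same action to protocol/port at destination."""
    if rule.action != action or rule.destination != destination:
        return False
    if rule.service == "any":
        return True  # an 'any' rule applies to all services
    return rule.protocol == protocol and port in rule.ports

def unpaired_rules(rules):
    """List (port, service, present, missing, action, destination) for each
    dual-transport port that a custom rule handles on one transport only."""
    findings = []
    for rule in rules:
        if rule.service != "custom" or rule.protocol not in ("tcp", "udp"):
            continue
        other = "udp" if rule.protocol == "tcp" else "tcp"
        for port in sorted(p for p in DUAL_TRANSPORT_PORTS if p in rule.ports):
            if not any(covers(r, other, port, rule.action, rule.destination)
                       for r in rules):
                findings.append((port, DUAL_TRANSPORT_PORTS[port], rule.protocol,
                                 other, rule.action, rule.destination))
    return findings

# Constructed sample rule set (not taken from any real device).
SAMPLE_RULES = [
    Rule("custom", "tcp", range(53, 54), "deny", "all"),  # DNS denied on TCP only
    Rule("custom", "tcp", range(88, 89), "allow", "server 192.0.2.10"),
    Rule("custom", "udp", range(88, 89), "allow", "server 192.0.2.10"),
    Rule("custom", "tcp", range(443, 444), "allow", "all"),
]

if __name__ == "__main__":
    for finding in unpaired_rules(SAMPLE_RULES):
        print("port %d (%s): %s rule has no %s counterpart (%s, %s)" % finding)
```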