Using Network Access Policy Rules
159
When evaluating rules, the Firewall uses the following criteria:
■
A rule defining a specific service is more specific than the default rule.
■
A defined Ethernet link, such as LAN, WAN, or DMZ, is more specific
than
*
(all).
■
A single IP address is more specific than an IP address range.
Rules are listed in the Web interface from most specific to the least
specific, and rules at the top override rules listed below.
Examples of Network
Access Policies
The following examples illustrate methods for creating Network Access
Policy Rules.
Blocking LAN Access to Specific Protocols
This example shows how to block all LAN access to NNTP servers on the
Internet.
1
For the Action, choose
Deny
.
2
From the
Service
list, choose
NNTP.
If the service is not listed in the menu, add it in the
Add Service
window.
3
Select
LAN
from the
Source Ethernet
list.
4
Since all computers on the LAN are to be affected, enter
*
in the
Source
Addr. Range Begin
box.
5
Select
WAN
from the
Destination Ethernet
menu.
6
Since the intent is to block access to all NNTP servers, enter
*
in the
Destination Addr. Range Begin
box.
7
Click
Add Rule
.
Block Access to Specific Users
This example shows how to create a rule which blocks a certain range of
computers, such as a competitor, from accessing the public Web server
on the LAN or DMZ.
1
For the Action, choose
Deny
.
2
From the
Service
list, choose
HTTP
.
3
Select
WAN
from the
Source Ethernet
list.
DUA1611-0AAA02.book Page 159 Thursday, August 2, 2001 4:01 PM
Summary of Contents for SUPERSTACK 3CR16110-95
Page 18: ...18 DUA1611 0AAA02 book Page 18 Thursday August 2 2001 4 01 PM...
Page 50: ...50 DUA1611 0AAA02 book Page 50 Thursday August 2 2001 4 01 PM...
Page 122: ...122 CHAPTER 8 ADVANCED SETTINGS DUA1611 0AAA02 book Page 122 Thursday August 2 2001 4 01 PM...
Page 152: ...152 DUA1611 0AAA02 book Page 152 Thursday August 2 2001 4 01 PM...
Page 174: ...174 DUA1611 0AAA02 book Page 174 Thursday August 2 2001 4 01 PM...
Page 190: ...190 CHAPTER 14 NETWORKING CONCEPTS DUA1611 0AAA02 book Page 190 Thursday August 2 2001 4 01 PM...
Page 192: ...192 DUA1611 0AAA02 book Page 192 Thursday August 2 2001 4 01 PM...
Page 206: ...206 APPENDIX D TECHNICAL SUPPORT DUA1611 0AAA02 book Page 206 Thursday August 2 2001 4 01 PM...
Page 212: ...212 INDEX DUA1611 0AAA02 book Page 212 Thursday August 2 2001 4 01 PM...
Page 214: ...DUA1611 0AAA02 book Page 214 Thursday August 2 2001 4 01 PM...