• Arranging policies in the Int to Ext and Outgoing policy list
Denying connections to the Internet from the internal network
Create policies that deny connections to the Internet from the internal network to restrict the full access to
the Internet granted by the default policy.
You can use policies to deny connections:
• From addresses on your internal network (see )
• To addresses on the Internet (see )
• To services (see )
• According to a one-time or recurring schedule (see )
Since policy matching works on a first-match principle, you must add deny policies above the default
policy. You must also add deny policies above matching policies that accept connections.
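The first-match rule above can be checked offline against an exported or hand-copied policy list. The following is an added example, not code from the manual or the DFL-1000: it models first-match evaluation, reports deny policies that sit below an accept policy covering the same traffic, and shows the effect of moving the deny policy up. The policy list, field names, and addresses are constructed for illustration, and schedules are not modelled.

```python
from ipaddress import ip_address, ip_network

# Constructed sample policy list (not from the manual), top of the list first.
# Field names are assumptions that mirror the policy form: source, destination, service, action.
POLICIES = [
    {"id": 1, "src": "192.168.1.0/24", "dst": "0.0.0.0/0", "service": "HTTP", "action": "ACCEPT"},
    {"id": 2, "src": "192.168.1.50/32", "dst": "0.0.0.0/0", "service": "HTTP", "action": "DENY"},
    {"id": 3, "src": "192.168.1.0/24", "dst": "0.0.0.0/0", "service": "FTP", "action": "DENY"},
    {"id": 4, "src": "0.0.0.0/0", "dst": "0.0.0.0/0", "service": "ANY", "action": "ACCEPT"},  # default
]

def covers(outer, inner):
    """True if every connection matching `inner` also matches `outer`."""
    return (ip_network(inner["src"]).subnet_of(ip_network(outer["src"]))
            and ip_network(inner["dst"]).subnet_of(ip_network(outer["dst"]))
            and outer["service"] in ("ANY", inner["service"]))

def first_match(policies, src, dst, service):
    """Return the first policy in list order that matches the connection."""
    for p in policies:
        if (ip_address(src) in ip_network(p["src"])
                and ip_address(dst) in ip_network(p["dst"])
                and p["service"] in ("ANY", service)):
            return p
    return None  # no policy matched

def shadowed_denies(policies):
    """List (deny_id, accept_id) pairs where an earlier ACCEPT fully covers a later DENY."""
    hits = []
    for i, p in enumerate(policies):
        if p["action"] != "DENY":
            continue
        for earlier in policies[:i]:
            if earlier["action"] == "ACCEPT" and covers(earlier, p):
                hits.append((p["id"], earlier["id"]))
                break
    return hits

def move_above(policies, deny_id, accept_id):
    """Return a new list with the deny policy placed directly above the accept policy."""
    deny = next(p for p in policies if p["id"] == deny_id)
    rest = [p for p in policies if p["id"] != deny_id]
    idx = next(i for i, p in enumerate(rest) if p["id"] == accept_id)
    return rest[:idx] + [deny] + rest[idx:]
```

In the sample list, deny policy 2 never takes effect because accept policy 1 matches the same connections first; deny policy 3 is effective because it sits above the default policy and no earlier accept policy covers FTP.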
Adding a policy to deny connections
• Add addresses, services, or schedules as required.
• Go to Firewall > Policy > Int to Ext. (In Transparent mode go to Firewall > Policy > Outgoing.)
• Click New to add a policy.
  You can also click Insert Policy before on a policy in the list to add the new policy above a specific policy.
• Configure the policy.
  Source            Select the Internal address from which to deny connections.
  Destination       Select the Internet address to which to deny connections.
  Schedule          Select a schedule to control when the policy denies connections.
  Service           Set Service to the service to deny.
  Action            Select Deny.
  Log Traffic       Optionally select Log Traffic to add messages to the traffic log whenever the policy accepts a connection.
  Traffic Shaping   Optionally, select Traffic Shaping to control the bandwidth available to and set the priority of the traffic processed by the policy.
• Click OK to save the policy.
DFL-1000 User’s Manual