Policy to deny FTP connections to the Internet from an internal subnet:
Accepting connections to the Internet from the internal network
Create policies that accept connections to the Internet from the internal network to control the
connections that are available.
You can use policies to accept connections:
• From addresses on your internal network (see )
• To addresses on the Internet (see )
• To services (see )
• According to a one-time or recurring schedule (see )
Policies that accept connections can be used in the following ways:
• Add policies that accept connections as exceptions to policies that deny connections
  For example, if a policy denies connections to a subnet, you can add a policy that accepts
  connections from one of the computers on the subnet. Policies that accept connections in this way
  must be added to the policy list above the connections that they are exceptions to.
• Delete the default policy and then add policies to accept only the connections that you want the
  firewall to accept
  In this way you can limit Internet access to that allowed in the policies that you create. You must
  delete the default policy because if it remains in the policy list, all connections that do not match a
  policy will be accepted by the default policy.
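The ordering rule and the effect of the default policy described above can be checked with a small model. This is an added example, not code from the manual or the DFL-1000: the policy names, addresses, the top-down first-match evaluation and the deny-when-nothing-matches behaviour are assumptions inferred from the text.

```python
# Simplified model of a policy list evaluated top down, first match wins.
# Not DFL-1000 code; names, addresses and the final implicit deny are assumptions.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Policy:
    name: str
    source: str      # CIDR of internal source addresses
    service: str     # service name, or "ANY"
    action: str      # "ACCEPT" or "DENY"

    def matches(self, src: str, service: str) -> bool:
        in_source = ip_address(src) in ip_network(self.source)
        return in_source and self.service in ("ANY", service)

def evaluate(policies, src, service):
    """Return (action, policy name) of the first matching policy.
    Assumption: a connection that matches no policy is denied."""
    for p in policies:
        if p.matches(src, service):
            return p.action, p.name
    return "DENY", "no matching policy"

# Constructed sample policies.
DENY_FTP = Policy("deny-ftp-subnet", "192.168.1.0/24", "FTP", "DENY")
ALLOW_HOST = Policy("allow-ftp-host", "192.168.1.10/32", "FTP", "ACCEPT")
DEFAULT = Policy("default", "0.0.0.0/0", "ANY", "ACCEPT")
ALLOW_HTTP = Policy("allow-http", "192.168.1.0/24", "HTTP", "ACCEPT")

EXCEPTION_ABOVE = [ALLOW_HOST, DENY_FTP, DEFAULT]   # order the manual requires
EXCEPTION_BELOW = [DENY_FTP, ALLOW_HOST, DEFAULT]   # exception is never reached
NO_DEFAULT = [ALLOW_HOST, DENY_FTP, ALLOW_HTTP]     # default policy deleted

def shadowed(policies):
    """Names of policies that can never match because an earlier policy
    covers the same service and a source range that contains theirs."""
    hidden = []
    for i, p in enumerate(policies):
        for q in policies[:i]:
            covers_src = ip_network(p.source).subnet_of(ip_network(q.source))
            if covers_src and q.service in ("ANY", p.service):
                hidden.append(p.name)
                break
    return hidden

if __name__ == "__main__":
    for plist in (EXCEPTION_ABOVE, EXCEPTION_BELOW, NO_DEFAULT):
        print(evaluate(plist, "192.168.1.10", "FTP"), shadowed(plist))
```

Running `shadowed` over an exported policy list is a quick review step for spotting exceptions that were added below the policy they are meant to override.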
Adding a policy to accept connections
• Add addresses, services, or schedules as required.
• Go to Firewall > Policy > Int to Ext. (In Transparent mode go to Firewall > Policy > Outgoing.)
• Click New to add a policy.
  You can also click Insert Policy before on a policy in the list to add the new policy above a
  specific policy.
• Configure the policy.
  Source        Select the Internal address from which to accept connections.
  Destination   Select the Internet address for which to accept connections.
DFL-1000 User’s Manual