From the policy list you can re-arrange policies, delete policies, and edit policies. For more information,
see Arranging policies in the policy list.
Controlling connections to and from the DMZ
By default the DFL-1000 firewall denies connections between the DMZ and the Internet and between the
DMZ and the internal network. You can configure the firewall to accept, deny, or require authentication for
connections between these networks by adding policies to the following policy lists:
• Internal to DMZ (Int to DMZ)
Int to DMZ policies control connections from the internal network to the DMZ network. Users on your
internal network would use a connection controlled by an Int to DMZ policy to access your Internet
web server if it is installed on your DMZ.
• DMZ to Internal (DMZ to Int)
DMZ to Int policies control connections from the DMZ network to the internal network. An e-commerce
web server on your DMZ would use a connection controlled by a DMZ to Int policy to transfer order
information to a database server on your internal network.
• DMZ to External (DMZ to Ext)
DMZ to Ext policies allow servers on the DMZ network to connect to servers on the Internet. For
example, if you install an SMTP server on your DMZ, it must be able to connect to SMTP servers on
the Internet to forward email. You may also have other requirements for computers on the DMZ to be
able to connect to the Internet.
To configure DMZ policies, you must first add DMZ addresses for the servers on your DMZ to the firewall
configuration. See .
Once the DMZ addresses have been added, you can add and organize DMZ-related policies in the same
way as Int to Ext, Outgoing, and Incoming policies. For examples, see Controlling connections from the
Controlling connections to the Internet. For general information about policies, see Policies.
Policies
Firewall policies are instructions that the firewall uses to decide what to do with a connection request.
Policies contain information used to identify the characteristics of a connection request. Identifying
information consists of the source address, destination address, and network service (or port number)
used by the connection request. Identifying information also includes the time and date on which the
firewall receives the connection request.
This section contains the following information about policies:
• Arranging policies in the policy list
Policy information
Policies direct the firewall to perform actions when a connection request matches the identifying
information. A policy can specify that the firewall accepts, denies, or requests authentication for the
connection. A policy can also record traffic log messages when the policy processes traffic and apply
traffic shaping to the traffic controlled by the policy.
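The following is an added example and not code from the DFL-1000 manual or from D-Link. It models the policy concepts described above in Python: each interface pair (Int to DMZ, DMZ to Int, DMZ to Ext) has its own ordered policy list, a policy matches a connection request on source address, destination address, service (protocol and port) and the time the request is received, the action is accept, deny or authenticate, a matching policy can write a traffic log line, and a request that matches no policy is denied, which is the default for DMZ traffic stated above. It also shows why policy order matters when re-arranging the list. All network ranges, host addresses, policy names and services are constructed for illustration; the firewall's NAT, Outgoing and Incoming lists and its actual traffic-shaping parameters are not modelled.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional

ACCEPT, DENY, AUTHENTICATE = "accept", "deny", "authenticate"
ANY_PORT = 0


@dataclass
class Policy:
    """Identifying information (source, destination, service, time) plus an action."""
    name: str
    source: str          # CIDR, e.g. "192.168.1.0/24" (constructed values below)
    destination: str     # CIDR; "0.0.0.0/0" means any address
    protocol: str        # "tcp" or "udp"
    port: int            # destination port, ANY_PORT for any service
    action: str          # ACCEPT, DENY or AUTHENTICATE
    start: str = "00:00"  # schedule: policy applies only between start and end (HH:MM)
    end: str = "23:59"
    log: bool = False     # record a traffic log message when this policy processes traffic

    def matches(self, src: str, dst: str, protocol: str, port: int, when: str) -> bool:
        # Zero-padded HH:MM strings compare correctly as plain strings.
        return (ip_address(src) in ip_network(self.source)
                and ip_address(dst) in ip_network(self.destination)
                and protocol == self.protocol
                and self.port in (ANY_PORT, port)
                and self.start <= when <= self.end)


@dataclass
class Decision:
    action: str
    policy: Optional[str]      # name of the matching policy; None means default deny
    log_line: Optional[str]    # traffic log entry, only if the matching policy logs


class Firewall:
    """One ordered policy list per interface pair; the first matching policy wins."""

    def __init__(self) -> None:
        self.lists: Dict[str, List[Policy]] = {"Int to DMZ": [], "DMZ to Int": [], "DMZ to Ext": []}

    def add_policy(self, list_name: str, policy: Policy, position: Optional[int] = None) -> None:
        policies = self.lists[list_name]
        policies.insert(len(policies) if position is None else position, policy)

    def move_policy(self, list_name: str, name: str, position: int) -> None:
        """Re-arrange: move the named policy to a new index in its list."""
        policies = self.lists[list_name]
        policy = next(p for p in policies if p.name == name)
        policies.remove(policy)
        policies.insert(position, policy)

    def delete_policy(self, list_name: str, name: str) -> None:
        self.lists[list_name] = [p for p in self.lists[list_name] if p.name != name]

    def evaluate(self, list_name: str, src: str, dst: str, protocol: str, port: int, when: str) -> Decision:
        for policy in self.lists[list_name]:
            if policy.matches(src, dst, protocol, port, when):
                log_line = None
                if policy.log:
                    log_line = (f"{when} {list_name} policy={policy.name} "
                                f"{src}->{dst}:{port}/{protocol} {policy.action}")
                return Decision(policy.action, policy.name, log_line)
        # No policy matched: connections between the DMZ and other networks are denied by default.
        return Decision(DENY, None, None)


def build_example_firewall() -> Firewall:
    """Constructed topology: internal 192.168.1.0/24, DMZ 10.10.10.0/24 (hypothetical)."""
    fw = Firewall()
    # Int to DMZ: an administrator host must authenticate for SSH to any DMZ server; all
    # internal users may reach the DMZ web server on port 80.
    fw.add_policy("Int to DMZ", Policy("admin-ssh", "192.168.1.10/32", "10.10.10.0/24", "tcp", 22, AUTHENTICATE, log=True))
    fw.add_policy("Int to DMZ", Policy("int-web", "192.168.1.0/24", "10.10.10.80/32", "tcp", 80, ACCEPT))
    # DMZ to Int: the web server may reach the internal database; DMZ hosts may reach the
    # backup server only during a nightly window.
    fw.add_policy("DMZ to Int", Policy("web-db", "10.10.10.80/32", "192.168.1.20/32", "tcp", 3306, ACCEPT, log=True))
    fw.add_policy("DMZ to Int", Policy("dmz-backup", "10.10.10.0/24", "192.168.1.30/32", "tcp", 22, ACCEPT, start="01:00", end="03:00"))
    # DMZ to Ext: only the DMZ SMTP server may forward mail to the Internet.
    fw.add_policy("DMZ to Ext", Policy("smtp-out", "10.10.10.25/32", "0.0.0.0/0", "tcp", 25, ACCEPT))
    return fw


if __name__ == "__main__":
    fw = build_example_firewall()
    for args in [("Int to DMZ", "192.168.1.50", "10.10.10.80", "tcp", 80, "12:00"),
                 ("DMZ to Int", "10.10.10.80", "192.168.1.20", "tcp", 3306, "12:00"),
                 ("DMZ to Int", "10.10.10.80", "192.168.1.50", "tcp", 22, "12:00"),
                 ("DMZ to Ext", "10.10.10.25", "203.0.113.9", "tcp", 25, "12:00")]:
        d = fw.evaluate(*args)
        print(args[0], args[1:], "->", d.action, d.policy, d.log_line or "")
```

Because the first match wins, moving a broad deny policy above a narrower accept policy shadows the accept; the `move_policy` call reproduces what re-arranging the list in the DFL-1000 interface does, and `evaluate` makes the effect visible before the change is applied to a live firewall.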
DFL-1000 User’s Manual
33