• Click OK to save the policy.
Editing policies
To edit a policy:
• Go to Firewall > Policy.
• Click the tab corresponding to the type of policy to edit.
• Choose a policy to edit and click Edit.
• Edit the policy settings as required. You can change any of the policy settings.
• Click OK to save your changes.
Policy matching
For every connection attempt, the DFL-1000 must choose the policy to apply to the connection. To match
a policy with a connection attempt, the DFL-1000 extracts the source address, destination address, and
service (or port number) from the connection attempt. Then the DFL-1000 begins at the top of the policy
list and searches for the first policy with matching addresses, service, and with a schedule that matches
the time at which the connection attempt was received. The first policy that matches is applied to the
connection attempt. If no policy matches, the connection is denied.
The default policy accepts all connection attempts from the internal network to the Internet. From the
internal network, users can browse the web, use POP3 to get email, use FTP to download files through
the DFL-1000 and so on. If the default policy is at the top of the internal policy list, the DFL-1000 allows
all connections from the internal network to the Internet because all connections match with the default
policy. Any policies in the list below the default policy are never matched.
For the policy to block FTP connections shown in Sample Int to Ext policy to deny FTP connections to be
effective, it must be moved above the default policy in the policy list. Then, all FTP connection attempts
from the internal network would match the FTP policy and be blocked. Connection attempts for all other
kinds of services would not match with the FTP policy but they would match with the default policy. So the
firewall would accept all other connections.
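The following added example (not D-Link code and not part of the manual) models the first-match search described above and flags policies that can never match because an earlier policy fully covers them. The CIDR addresses, the service names, the daily time window used for schedules, and all policy names are assumptions made for the illustration.

```python
from dataclasses import dataclass
from datetime import time
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Policy:
    name: str
    src: str                      # source address as CIDR (modelling assumption)
    dst: str                      # destination address as CIDR
    service: str                  # service name, or "ANY"
    action: str                   # "ACCEPT" or "DENY"
    start: time = time(0, 0)      # schedule modelled as a daily time window
    end: time = time(23, 59, 59)

    def matches(self, src, dst, service, at):
        return (ip_address(src) in ip_network(self.src)
                and ip_address(dst) in ip_network(self.dst)
                and self.service in ("ANY", service)
                and self.start <= at <= self.end)

def decide(policies, src, dst, service, at=time(12, 0)):
    """Top-down search: the first matching policy wins, no match means deny."""
    for p in policies:
        if p.matches(src, dst, service, at):
            return p.name, p.action
    return None, "DENY"

def shadowed(policies):
    """Return (policy, covering_policy) pairs for policies that can never match."""
    pairs = []
    for i, later in enumerate(policies):
        for earlier in policies[:i]:
            if (ip_network(later.src).subnet_of(ip_network(earlier.src))
                    and ip_network(later.dst).subnet_of(ip_network(earlier.dst))
                    and earlier.service in ("ANY", later.service)
                    and earlier.start <= later.start and later.end <= earlier.end):
                pairs.append((later.name, earlier.name))
                break
    return pairs

# Constructed sample data: the internal range and policy names are illustrative.
INTERNAL, ANYWHERE = "192.168.1.0/24", "0.0.0.0/0"
DEFAULT = Policy("default", INTERNAL, ANYWHERE, "ANY", "ACCEPT")
DENY_FTP = Policy("deny-ftp", INTERNAL, ANYWHERE, "FTP", "DENY")
DEFAULT_FIRST = [DEFAULT, DENY_FTP]    # deny-ftp is never reached
FTP_FIRST = [DENY_FTP, DEFAULT]        # FTP blocked, everything else accepted
if __name__ == "__main__":
    print(decide(DEFAULT_FIRST, "192.168.1.10", "203.0.113.5", "FTP"))
    print(shadowed(DEFAULT_FIRST))
```

The shadow check is conservative: it only reports a policy when a single earlier policy covers its addresses, service and schedule completely.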
Arranging policies in the policy list
Once you have added policies to a policy list, you can use the following steps to arrange them as required.
• Go to Firewall > Policy.
• Click the tab corresponding to the policy list to arrange.
• Choose a policy to move and click Move To to change its order in the policy list.
• Type a number in the Move to field to specify where in the policy list to move the policy to and click OK.
• Click Delete to remove a policy from the list.
Addresses
All DFL-1000 policies require source and destination IP addresses. By default, the DFL-1000 includes two
addresses that cannot be edited or deleted:
• Internal_All on the Internal address list, which represents the IP addresses of all of the computers on
your internal network
• External_All on the External address list, which represents the IP addresses of all of the computers on
the Internet
You can add the following types of addresses:
DFL-1000 User’s Manual