1.5 Administrator's Guide

  1. Home
  2. Docs
  3. 1.5 Administrator’s Guide
  4. Commissioning the unit
  5. Network configuration
  6. Firewall Configuration
  7. Firewall Policies

Firewall Policies

Policies are used to control the access available to each firewall zone. Policies are explicitly configured to provide a standard way of dealing with traffic moving from one zone to another.

A policy can be configured to respond in one of three ways:

Policy

Action

Accept

Allow traffic between the two zones.

Drop

Ignore any packets travelling from the source zone to the destination zone.

Reject

Reject any packets sent from the source zone to the destination zone with a rejection message.

Applying Default Policies

A comprehensive suite of firewall policies are available for restoration on each system. These policies include what we at Far South believe should be a good “out of the box” policy configuration that would need particular rules and perhaps additional policies to be configured in order to meet the needs of the client.

To add the default policy suite to your configuration, select the Firewall page of the Network tab, and then the Load Defaults option from the options list.

Default Policies:

Source Zone

Destination Zone

Action

Com.X

Internet

Accept

Com.X

LAN

Accept

Com.X

DMZ

Accept

LAN

Com.X

Accept

LAN

Internet

Accept

LAN

DMZ

Accept

DMZ

Com.X

Accept

DMZ

Internet

Accept

DMZ

LAN

Drop

Internet

All Zones

Drop

All Zones

All Zones

Reject

Managing Policies

Policies are evoked in preferential order based on their position in the list on the GUI. By right-clicking on a policy, it can be moved up and down, deleted and edited.

Editing Policies

To edit a policy right-click the policy and select edit. This edit does not allow the changing of source and destination zones (for that a new policy is required) but allows the resultant action to be changed (choosing between Accept, Reject and Drop) as well as select the type of logging required for traffic evoking this policy. Further, a policy can be disabled, and a disabled policy re-enabled.

Creating a New Policy

To create a new firewall policy, select Options, then new policy.