Policies are used to control the access available to each firewall zone. Policies are explicitly configured to provide a standard way of dealing with traffic moving from one zone to another.
A policy can be configured to respond in one of three ways:
Policy | Action |
Accept | Allow traffic between the two zones. |
Drop | Ignore any packets travelling from the source zone to the destination zone. |
Reject | Reject any packets sent from the source zone to the destination zone with a rejection message. |
Applying Default Policies
A comprehensive suite of firewall policies is available for restoration on each system. These policies are what we at Far South believe to be a good “out of the box” policy configuration; particular rules, and perhaps additional policies, would still need to be configured to meet the needs of the client.
To add the default policy suite to your configuration, select the Firewall page of the Network tab, and then the Load Defaults option from the options list.
Default Policies:
Source Zone | Destination Zone | Action |
Com.X | Internet | Accept |
Com.X | LAN | Accept |
Com.X | DMZ | Accept |
LAN | Com.X | Accept |
LAN | Internet | Accept |
LAN | DMZ | Accept |
DMZ | Com.X | Accept |
DMZ | Internet | Accept |
DMZ | LAN | Drop |
Internet | All Zones | Drop |
All Zones | All Zones | Reject |
Managing Policies
Policies are invoked in order of preference, based on their position in the list in the GUI. Right-clicking a policy allows it to be moved up or down, deleted or edited.
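The effect of list position can be checked offline with a small model of the default policy suite. This is an added example, not Com.X code: it assumes the first matching policy from the top of the list decides the action, that the Default Policies table is in list order, and the function names and the "Guest" zone are hypothetical.

```python
# Added illustration, not part of the Com.X product.
# Assumption: the first policy from the top whose zones match decides the action.
ALL = "All Zones"

# (source zone, destination zone, action), in the order of the Default Policies table.
DEFAULT_POLICIES = [
    ("Com.X", "Internet", "Accept"),
    ("Com.X", "LAN", "Accept"),
    ("Com.X", "DMZ", "Accept"),
    ("LAN", "Com.X", "Accept"),
    ("LAN", "Internet", "Accept"),
    ("LAN", "DMZ", "Accept"),
    ("DMZ", "Com.X", "Accept"),
    ("DMZ", "Internet", "Accept"),
    ("DMZ", "LAN", "Drop"),
    ("Internet", ALL, "Drop"),
    (ALL, ALL, "Reject"),
]

def evaluate(policies, src, dst):
    """Return (list position, action) of the first policy matching src -> dst."""
    for pos, (p_src, p_dst, action) in enumerate(policies, start=1):
        if p_src in (ALL, src) and p_dst in (ALL, dst):
            return pos, action
    return None, None  # no policy covers this zone pair

def shadowed(policies):
    """Positions of policies that can never match because an earlier,
    equal or broader policy already covers every zone pair they describe."""
    hidden = []
    for i, (src, dst, _) in enumerate(policies):
        for e_src, e_dst, _ in policies[:i]:
            if e_src in (ALL, src) and e_dst in (ALL, dst):
                hidden.append(i + 1)
                break
    return hidden

if __name__ == "__main__":
    for pair in [("LAN", "Internet"), ("DMZ", "LAN"), ("Internet", "LAN")]:
        print(pair, "->", evaluate(DEFAULT_POLICIES, *pair))
    # Moving the catch-all Reject to the top hides every other policy.
    moved = [DEFAULT_POLICIES[-1]] + DEFAULT_POLICIES[:-1]
    print("shadowed after move:", shadowed(moved))
```

Running the same check after any reordering in the GUI shows whether a broad policy has been moved above the specific ones it would override.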
Editing Policies
To edit a policy, right-click the policy and select edit. Editing does not allow the source and destination zones to be changed (that requires a new policy), but it does allow the resultant action to be changed (choosing between Accept, Reject and Drop) and the type of logging required for traffic invoking this policy to be selected. Further, a policy can be disabled, and a disabled policy re-enabled.
Creating a New Policy
To create a new firewall policy, select Options, then new policy.