Firewall rules set up
Issue 4 May 2005 165
Select View>Firewall to add domain firewall rules. Rules added at the domain level are common
rules that you can apply to all or some of the devices within the domain. Because a domain-level
rule can be applied to several devices at the same time, it can reduce the complexity of defining
security for each device.
To create domain level firewall rules:
1. From the Configuration Console window, select View>Firewall.
2. From the Firewall tab Firewall Global and Device area, click Domain.
3. Click Add to start the Firewall Policy wizard.
4. Complete the Firewall Wizard dialog:
   - In the Name text box, type a unique name that identifies the rule.
   - By default, the Status is Enabled and the Action is Permit. Change these if they are not
     the correct settings.
   - In the Memo area, type notes to describe the firewall (optional).
5. Click Next to display the Device dialog. Select the devices to which the rule applies. Click
Move Left to move the selected members to the Device(s) for this Rule column.
6. Click Next to display the Source dialog. Select the sources; click Move Left to move the
selected source to the Source column. Click Next.
7. From the Available Destination(s) column, select the destination; click Move Left. Click
Next.
8. From the Available Service column, select the services; click Move Left. Click Next.
9. The Firewall Wizard Configuration dialog is displayed. From the Zone list, select the zone to
which you want to apply this rule. For maximum flexibility and capability, the firewall rules for
the security gateway can be specified for a particular zone. The packets are checked
against the firewall rules at the interface where they are defined.
10. In the Direction list, select In or Out. The direction is relative to the security gateway.
11. If you want this rule to be logged, select Enable Log. If you do not select Enable Log, this
rule does not appear in the Monitor>Firewall Log display.
12. If the filter rule set for the intended traffic is also to be applied to the reply packets, select
Keep State. This function can be applied to TCP, UDP, and ICMP packets.
13. If you want to change the default time-out settings for the TCP state, UDP state, or ICMP
state, click Advanced.
Note: Keep State sets up a state table, with each entry set up by the sending side.
Reply packets pass through a matching filter that is based on the respective state
table entry. A state entry is not created for packets that are denied.
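
The Keep State behavior described in the note can be modeled in a few lines. The following is an added illustration, not code from the product or this guide; the class names, the time-out values, the first-match rule order, and the drop-by-default fallback are assumptions made for the example.

```python
from dataclasses import dataclass

# Constructed time-outs in seconds; the page does not give the product defaults.
TIMEOUTS = {"tcp": 300, "udp": 60, "icmp": 10}

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int               # use 0 for ICMP in this model
    dst: str
    dport: int

@dataclass(frozen=True)
class Rule:
    name: str
    action: str              # "permit" or "deny"
    proto: str
    src: str                 # exact address or "any"
    dst: str
    dport: int
    keep_state: bool = False

    def matches(self, p):
        return (p.proto == self.proto and p.dport == self.dport
                and self.src in ("any", p.src) and self.dst in ("any", p.dst))

class Gateway:
    def __init__(self, rules):
        self.rules = rules
        self.states = {}     # flow as the sending side sent it -> expiry time

    def check(self, p, now):
        # A reply is the mirror image of a flow recorded by the sending side.
        mirrored = (p.proto, p.dst, p.dport, p.src, p.sport)
        if self.states.get(mirrored, 0) > now:
            return "permit (state)"
        self.states.pop(mirrored, None)          # discard an expired entry
        for r in self.rules:                     # assumption: first matching rule wins
            if r.matches(p):
                if r.action == "permit" and r.keep_state:  # denied packets create no state
                    self.states[(p.proto, p.src, p.sport, p.dst, p.dport)] = now + TIMEOUTS[p.proto]
                return f"{r.action} ({r.name})"
        return "deny (no rule)"                  # assumption: unmatched traffic is dropped

def demo():
    gw = Gateway([Rule("web-out", "permit", "tcp", "10.0.0.5", "any", 443, keep_state=True),
                  Rule("telnet-out", "deny", "tcp", "any", "any", 23, keep_state=True)])
    out = Packet("tcp", "10.0.0.5", 40000, "203.0.113.7", 443)   # constructed traffic
    reply = Packet("tcp", "203.0.113.7", 443, "10.0.0.5", 40000)
    return [gw.check(out, 0), gw.check(reply, 1), gw.check(reply, 301)]
```

In the model, the reply is permitted only while the state entry created by the outbound packet is live; once the time-out passes, the same reply has to match a rule of its own.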