Public zone firewall templates

Issue 4 May 2005 299

DNS from any IP to any
Common services originating from all internal networks, private, DMZ, management and
semi-private.All other outgoing traffic is blocked.The medium security policy for the public zone is the same as that of the high security policy.The low security policy allows all the traffic allowed for medium security. In addition, all TCP, UDP packets from all networks are allowed to go out.Table 31: Public high and medium security firewall rules
Rule Name Action Source Destination Service Direction Zone Keep State Description
InBoundPu
blicAccess Permit Any PublicIP IKE-IN
IKE- AVAYA-
IN
IPSEC-NAT
-T-IN
AH/ESP
ICMPDEST
UNREACH
ABLE
In Public no Permit
incoming
VPN traffic
and ICMP
unreachable
packet
InBoundPu
blictoDMZA
ccess
Permit Any DMZNet ICMPECHO
REQUEST
SSH/
TELNET
FTP-CTRL
PASSIVEFT
P
HTTP/
HTTPS
DNS-TCP/
DNS-UDP
NETBIOS-N
S-TCP/UDP
NETBIOS-D
GM-TCP/
UDP
NETBIOS-S
SN-TCP/
UDP
POP3/
IMAP/SMTP
NNTP
In Public Yes Permit
incoming
traffic to
DMZ
network
InBoundPu
blicBlockAll Deny Any Any ANY In Public No Deny the
rest of traffic
OutBoundP
ublicAccess Permit PublicIP Any IKE-OU T
IKE- AVAYA-
OUT
IPSEC-NAT
-T-OUT
AH/ESP
ICMPDEST
UNREACH
ABLE
Out Public no Permit
outgoing
VPN traffic
1 of 2