Public zone firewall templates

Issue 4 May 2005
| Rule Name | Action | Source | Destination | Service | Direction | Zone | Keep State | Description |
|---|---|---|---|---|---|---|---|---|
| InBoundPublicAccess | Permit | Any | PublicIP | IKE_IN, IPSEC_NAT_T_IN, AH/ESP, ICMPDestUnreach | In | Public | No | Permit incoming VPN traffic and ICMP unreachable packets |
| InBoundPublictoDMZAccess | Permit | Any | DMZNet | ICMPEchoReq(PING), FTP-Ctrl/PassiveFTP, SSH/TELNET, HTTP/HTTPS, DNS-TCP/DNS-UDP, POP3/IMAP/SMTP, NNTP | In | Public | Yes | Permit incoming traffic to DMZ network |
| InBoundPublicBlockAll | Deny | Any | Any | Any | In | Public | No | Deny the rest of traffic |
| OutBoundPublicAccess | Permit | PublicIP | Any | IKE_OUT, IPSEC_NAT_T_OUT, AH/ESP, ICMPDestUnreach | Out | Public | No | Permit outgoing VPN traffic |
| OutBoundPublickPingAccess | Permit | DMZNet, PrivateNet, SemiPrivateNet, ManagementNet | Any | ICMPEchoRequest | Out | Public | Yes | Permit outgoing ping access. |
| OutBoundPublicDNSAccess | Permit | PublicIP, DMZNet, PrivateNet, SemiPrivateNet, ManagementNet | Any | DNS-TCP, DNS-UDP | Out | Public | Yes | Permit outgoing DNS access. |
| OutBoundPublicGeneralAccess | Permit | Any | Any | ICMPEchoReq(PING), FTP-Ctrl/PassiveFTP, SSH/TELNET, HTTP/HTTPS, DNS-TCP/DNS-UDP, POP3/IMAP/SMTP | Out | Public | Yes | Permit traffic with the services to go out. The traffic can come from any network. |
| OutBoundPublicBlockAll | Deny | Any | Any | Any | Out | Public | No | Deny the rest of traffic |