Firewall

6

 

Configuring Firewall Rules to Control Inbound and Outbound Traffic

 

 

 

 

 

Default Firewall Settings

By default, the firewall prevents all traffic from a lower security zone to a higher security zone (commonly known as Inbound) and allows all traffic from a higher security zone to a lower security zone (commonly known as Outbound).

For example, all traffic from the LAN (trusted zone) to the WAN (untrusted zone) is permitted, and traffic from the WAN (untrusted zone) to the DMZ (public zone) is blocked.

When you create a new zone, such as a Data zone, firewall rules are automatically generated to permit or block traffic between that zone and other zones, based on the security levels for the From and To zones.

The following table displays the default access control settings for traffic between the zones in the same or different security levels.

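| From/To      | Trusted(100) | VPN(75) | Public(50) | Guest(25) | Untrusted(0) |
|--------------|--------------|---------|------------|-----------|--------------|
| Trusted(100) | Deny         | Permit  | Permit     | Permit    | Permit       |
| VPN(75)      | Deny         | Deny    | Permit     | Permit    | Permit       |
| Public(50)   | Deny         | Deny    | Deny       | Permit    | Permit       |
| Guest(25)    | Deny         | Deny    | Deny       | Deny      | Permit       |
| Untrusted(0) | Deny         | Deny    | Deny       | Deny      | Deny         |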

If you want to alter the default behaviors—for example, allowing some inbound access to your network (WAN to LAN) or blocking some outbound traffic from your network (LAN to WAN)—you must create firewall rules.
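The default behavior can be modeled as a comparison of security levels, which makes it possible to review a rule set for entries that widen or narrow the defaults. The following is an added example, not code from the guide or from the appliance: it reduces a rule to its From zone, To zone and action, the levels assigned to VOICE, VPN, SSLVPN and GUEST are assumptions, and the DATA zone level and the sample rules are constructed.

```python
# Added example: default inter-zone policy by security level, plus a rule audit.
# Zone levels: LAN, DMZ and WAN are stated on the page; VOICE, VPN, SSLVPN and
# GUEST are assumptions consistent with the LAN row of the Default Policies table.
ZONES = {"LAN": 100, "VOICE": 100, "VPN": 75, "SSLVPN": 75,
         "DMZ": 50, "GUEST": 25, "WAN": 0}


def default_action(zones, src, dst):
    """Default policy: Permit only from a higher level to a strictly lower one."""
    if src == dst:
        return "N/A"  # traffic inside one zone is not an inter-zone policy
    return "Permit" if zones[src] > zones[dst] else "Deny"


def default_row(zones, src):
    """One row of the Default Policies table for zone `src`."""
    return [default_action(zones, src, dst) for dst in zones]


def audit_rules(zones, rules):
    """Return (rule name, effect) for every rule that overrides the default."""
    findings = []
    for rule in rules:
        src, dst = rule["from"], rule["to"]
        if rule["action"] == default_action(zones, src, dst) or src == dst:
            continue  # redundant with the default, nothing to review
        if rule["action"] == "Deny":
            effect = "blocks outbound"
        elif zones[src] < zones[dst]:
            effect = "opens inbound"
        else:
            effect = "opens same-level"
        findings.append((rule["name"], effect))
    return findings


# Hypothetical DATA zone at level 75 and constructed rules (not from the guide).
ZONES_WITH_DATA = {**ZONES, "DATA": 75}
SAMPLE_RULES = [
    {"name": "wan-to-lan-https", "from": "WAN", "to": "LAN", "action": "Permit"},
    {"name": "lan-to-wan-smtp", "from": "LAN", "to": "WAN", "action": "Deny"},
    {"name": "dmz-to-guest", "from": "DMZ", "to": "GUEST", "action": "Permit"},
    {"name": "data-to-vpn", "from": "DATA", "to": "VPN", "action": "Permit"},
    {"name": "guest-to-data", "from": "GUEST", "to": "DATA", "action": "Permit"},
]

if __name__ == "__main__":
    print("LAN ", default_row(ZONES, "LAN"))
    print("DATA", default_row(ZONES_WITH_DATA, "DATA"))
    for name, effect in audit_rules(ZONES_WITH_DATA, SAMPLE_RULES):
        print(f"{name}: {effect}")
```

Rules reported as "opens inbound" or "opens same-level" are the ones that expose a zone the defaults would protect, so they are the entries to justify first in a review.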

Use the Default Policies page to view the default firewall behaviors for all predefined zones and new zones.

STEP 1 Click Firewall > Access Control > Default Policies.

STEP 2 Click the triangle to expand or contract the default access control settings for a specific zone. The following behaviors are defined for all predefined zones.

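| From/To | LAN | VOICE | VPN    | SSLVPN | DMZ    | GUEST  | WAN    |
|---------|-----|-------|--------|--------|--------|--------|--------|
| LAN     | N/A | Deny  | Permit | Permit | Permit | Permit | Permit |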

Cisco ISA500 Series Integrated Security Appliances Administration Guide

254
