Firewall
Configuring Firewall Rules to Control Inbound and Outbound Traffic
Cisco ISA500 Series Integrated Security Appliances Administration Guide 254
6
By default, the firewall prevents all traffic from a lower security zone to a higher
security zone (commonly known as Inbound) and allows all traffic from a higher
security zone to a lower security zone (commonly known as Outbound).
For example, all traffic from the LAN (trusted zone) to the WAN (untrusted zone) is
permitted, and traffic from the WAN (untrusted zone) to the DMZ (public zone) is
blocked.
When you create a new zone, such as a Data zone, firewall rules are automatically
generated to permit or block traffic between that zone and other zones, based on
the security levels for the From and To zones .
The following table displays the default access control settings for traffic between
the zones in the same or different security levels.
If you want to alter the default behaviors—for example, allowing some inbound
access to your network (WAN to LAN) or blocking some outbound traffic from your
network (LAN to WAN)—you must create firewall rules.
Use the Default Policies page to view the default firewall behaviors for all
predefined zones and new zones.
STEP 1 Click Firewall > Acces s Control > Default Policies.
STEP 2 Click the triangle to expand or contract the default access control settings for a
specific zone. The following behaviors are defined for all predefined zones.
From/To Trusted(100) VPN(75) Public (50) Guest(25) Untrusted(0)
Trusted(100) Deny Permit Permi t Permit Permit
VPN(75) Deny Deny Per mit Perm it Permit
Public(50) Deny Deny Deny Permit Permit
Guest(25) Deny Deny Deny Deny Permit
Untrusted(0) Deny Deny Deny Deny Deny
From/To LAN VOICE VPN SSLVPN DMZ GUEST WAN
LAN N/A Deny Permit Permit Permit Permit Permit