Firewall
Configuring Firewall Rules to Control Inbound and Outbound Traffic
Cisco ISA500 Series Integrated Security Appliances Administration Guide 255
6
NOTE ACL rules are applicable for inter-VLAN traffic, whether within a zone or
between zones. You cannot set ACL rules for intra-VLAN traffic, such as LAN to
LAN.
Priorities of Firewall RulesThe security appliance includes three types of firewall rules:
•Default firewall rules: The firewall rules that are defined on the security
appliance for all predefined zones and new zones. The default firewall rules
cannot be deleted nor edited.
•Custom firewall rules: The firewall rules that are configured by the users.
The security appliance supports up to 100 custom firewall rules.
•VPN firewall rules: The firewall rules that are automatically generated by
the zone access control settings in your VPN configurations. The VPN
firewall rules cannot be edited in the Firewall > Access Control > ACL Rules
page. To edit the zone access control settings in your VPN configurations,
go to the VPN pages.
All firewall rules are sorted by the priority. The custom firewall rules have the
highest priority. The VPN firewall rules have higher priorities than the default
firewall rules, but lower than the custom firewall rules.
Preliminary Tasks for Configuring Firewall RulesDepending on the firewall settings that you want to use, you may need to
complete the following tasks before you configure firewall rules:
• To create a firewall rule that applies only to a specific zone except the
predefined zones, first create the zone. See Configuring Zones, page146.
VOICE Deny N/A Permit Permit Permit Permit Permit
VPN Deny Deny N/A Deny Permit Permit Permit
SSLVPN Deny Deny Deny N/A Permit Permit Permit
DMZ Deny Deny Deny Deny N/A Permit Permit
GUEST Deny Deny Deny Deny Deny N/A Permit
WAN Deny Deny Deny Deny Deny Deny N/A