Firewall
Configuring Firewall Rules to Control Inbound and Outbound Traffic
Cisco ISA500 Series Integrated Security Appliances Administration Guide 259
Match Action: Choose the action for traffic when the packet hits the firewall rule.
- Deny: Deny access.
- Permit: Permit access.
- Accounting: Increase the Hit Count number by one when the packet hits the firewall rule.
STEP 4 Click OK to save your settings.
STEP 5 Click Save to apply your settings.
NOTE In addition to firewall rules, you can use the following methods to control traffic:
- Prevent common types of attacks. See Configuring Attack Protection, page 287.
- Allow or block traffic from specified MAC addresses. See Configuring MAC Address Filtering to Permit or Block Traffic, page 285.
- Associate the IP address with the MAC address to prevent spoofing. See Configuring IP-MAC Binding to Prevent Spoofing, page 286.
- Allow or block the websites that contain specific domains or URL keywords. See Configuring Content Filtering to Control Internet Access, page 281.
Configuring a Firewall Rule to Allow Multicast Traffic
By default, multicast traffic from Any zone to Any zone is blocked by the firewall. To
enable multicast traffic, you must first uncheck Block Multicast Packets in the
Firewall > Attack Protection page, and then manually create firewall rules to
allow multicast forwarding from a specific zone to other zones. The security
appliance predefines a multicast address (IPv4_Multicast) for this purpose.
For example, IGMP Proxy can be active from the WAN zone to the LAN zone. When you
enable IGMP Proxy and want to receive multicast packets from the WAN zone to the LAN
zone, you must uncheck Block Multicast Packets in the Firewall > Attack
Protection page, and then create a firewall rule to permit multicast traffic from
the WAN zone to the LAN zone.