Cisco Systems ISA550 Blocking Outbound Traffic by Schedule and IP Address Range, Blocking Outbound Traffic to an Offsite Mail Server

Firewall

Firewall and NAT Rule Configuration Examples

Cisco ISA500 Series Integrated Security Appliances Administration Guide 280

Blocking Outbound Traffic by Schedule and IP Address Range

Use Case: Block all weekend Internet usage if the request originates from a

specified range of IP addresses.

Solution: Create an address object with the range 10.1.1.1 to 10.1.1.100 called

“TempNetwork” and a schedule called “Weekend” to define the time period when

the firewall rule is in effect. Then create a firewall rule as follows:

Blocking Outbound Traffic to an Offsite Mail Server

Use Case: Block access to the SMTP ser vice to prevent a user from sending email

through an offsite mail server.

Solution: Create a host address object with the IP address 10.64.173.20 called

“OffsiteMail” and then create a firewall rule as follows:

Services CU-SEEME

Source Address OutsideNetwork

Destination Address InternalIP

Match Action Permit

From Zone LAN

To Z one WA N

Services HTTP

Source Address Tem p N e t w o r k

Destination Address Any

Schedule Weekend

Match Action Deny