Chapter 4 Firewall
You can view and manage Firewall Rules and configuration options from the Firewall menu pages. The menu provides the following options:
•Firewall Rules —Allows you to manage and configure security policy to monitor traffic between security zones. You can also specify IP hosts/subnets/rangesto monitor traffic within a specified zone. You can optionally configure services, rate limiting, scheduling, authentication, and web filtering as part of each firewall rule.
•Services —Manage services based on applications and protocols that can be configured in a firewall rule to police the traffic. The X family device supports a predefined list of services and also allows you to define custom services and IP protocol numbers. You can also create a Service Group so you can configure one firewall rule to apply to multiple services without having to configure each service separately. You only need to configure services if you want to change the port and protocol settings for an existing service, or create a new service.
•Schedules —The X family device allows you to create schedules, which are used to limit when a firewall rule operates. Schedules contain intervals of days and hours when the firewall rule applies. You only need to configure schedules if you require a firewall rule that will only apply at certain days and times.
•Virtual Servers —The X family device allows you to configure virtual servers on your LAN, which are protected by the device firewall, so they can be accessed from the Internet or another security zone without exposing the internal network IP addresses. You should configure virtual servers for internal servers that need to be reached from the internet. A common application for Virtual Servers is to create a Demilitarized Zone (DMZ).
•Web Filtering —Web filtering allows you to configure a subscription-based content filtering service and/or specify URL filters to permit or deny traffic based on specific URLs or URL patterns. To enable web filtering, you must configure a firewall rule with the action set to Web Filtering.
Note Before setting up Firewall Rules, verify that the Network configuration (IP address groups, Virtual Interfaces, and Security Zones) has been set up correctly for your environment. For information, see Chapter 6‚ “Network”.
For details, see the following sections:
•“How Firewall Rule Enforcement Works” on page 64
•“Default Firewall Rules” on page 67
•“Managing Firewall Rules” on page 68
•“Firewall Services” on page 75
•“Schedules” on page 79
•“Virtual Servers” on page 82
How Firewall Rule Enforcement Works
The following is an example of how the X family enforces firewall rules for a session request, for example, when a user requests a Web page using a browser.