How Firewall Rule Enforcement Works

STEP G To record sessions matching this firewall rule in the Firewall Session Log (for permitted sessions) or Firewall Block log (for blocked sessions), check Enable logging.

To offload log entries to a remote syslog server, check Enable syslog logging.

STEP 4 In the Network table, configure the Source zone parameters.

STEP A From the Source Zone drop-down list, select the source security zone for this firewall rule.

Select ANY from the list if you want the firewall rule to match traffic from any source zone.

Select this-devicefrom the list if you want to match traffic from the X family device itself, for example to allow the device to send HTTP packets, Auto DV Update requests, or Web Filter requests to the LAN.

Note An implicit this-device ==> ANY rule is provided by default at the end of the firewall rule table. We recommend not overriding this implicit rule.

STEP B For Source IP, select the IP addresses in the source zone to which you want to apply the rule, either:

Select All IP addresses. This is the default selection.

Select IP Address Group and then select the group from the drop-down list.

Select IP Subnet and type the IP address/subnet mask.

Select IP Range and type the range of IP addresses.

STEP 5 In the Network table, configure the Destination zone parameters.

STEP A From the Destination Zone drop-down list, select the destination security zone for this firewall rule.

Select ANY from the list if you want the firewall rule to match traffic to any destination zone.

Select this-devicefrom the list if you want to match traffic destined for the X family device itself, for example to allow you to manage the device using HTTPS, allow Auto DV Updates, or Web Filtering.

STEP B For Destination IP, select the IP addresses in the destination zone to which you want to apply the rule; do one of the following:

Select All IP addresses. This is the default setting.

Select IP Address Group and then select the group from the drop-down list.

Select IP Subnet and enter the IP address/subnet mask.

Select IP Range and enter the range of IP addresses.

STEP 6 In the Firewall Rule Setup (Advanced) table, if required, check Enable bandwidth management . Bandwidth management only works on Permit rules.

X Family LSM User’s Guide V 2.5.1

73