P312 Broadband Security Gateway

The first rule is a default rule to allow DHCP negotiation between the ISP and the P312. The second rule is what we configured in the last two screens. See Table 16-2 for a detailed explanation of each field.

We choose to block packets that don’t match the rules specified below.

We want a log of packets that match this rule in the ACL Default Set.

Click Apply in this screen when you have finished configuring to save your configuration back to the Prestige.

Figure 19-5 Example 1 - Rule Summary Screen

19.1.2 Example 2 – Small Office With Mail, FTP and Web Servers

Our small office has:

i. A mail server with an IP of 192.168.10.2.

ii. Two FTP servers. We want FTP server One (IP of 192.168.10.3) to be accessible from the Internet, but FTP server Two (192.168.10.4) may only be accessed by internal users, i.e., from the local network.

iii. HTTP proxy server at 192.168.10.5.

We want:

i. To send alerts when there is an attack.

ii. To only allow access to the Internet from the HTTP proxy server and our mail server.

iii. To only allow FTP server One to be accessible from the Internet.
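The access requirements above, modelled as ordered first-match rule sets with a default block so they can be checked against sample packets. This is an added example, not ZyXEL code or the P312's configuration format. Assumptions: the 192.168.10.0/24 LAN prefix, the rule names, the Internet-side sample addresses, FTP matched on control port 21 only, LAN-to-LAN traffic never reaching the firewall, and the default block carried over from Example 1.

```python
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.10.0/24")  # assumption: the page gives hosts, not the prefix
MAIL, FTP_ONE, FTP_TWO, PROXY = (
    ip_address(a) for a in
    ("192.168.10.2", "192.168.10.3", "192.168.10.4", "192.168.10.5")
)

# Each rule: (hypothetical name, LAN hosts it applies to, destination port or None=any).
LAN_TO_WAN = [("mail-out", {MAIL}, None), ("proxy-out", {PROXY}, None)]
WAN_TO_LAN = [("ftp-one-in", {FTP_ONE}, 21)]  # FTP control channel only


def decide(src, dst, dport):
    """Return (action, rule_name) for one packet; first matching rule wins."""
    src, dst = ip_address(src), ip_address(dst)
    if src in LAN and dst in LAN:
        # Assumption: local traffic stays on the LAN and is not filtered.
        return ("forward", "lan-local")
    if src in LAN:
        rules, lan_host = LAN_TO_WAN, src   # outbound: match on the LAN source
    elif dst in LAN:
        rules, lan_host = WAN_TO_LAN, dst   # inbound: match on the LAN destination
    else:
        rules, lan_host = [], None
    for name, hosts, port in rules:
        if lan_host in hosts and port in (None, dport):
            return ("forward", name)
    return ("block", "default")             # unmatched packets are blocked


def blocked(packets):
    """Return the packets the policy drops, i.e. what a block log would show."""
    return [p for p in packets if decide(*p)[0] == "block"]


# Constructed sample packets: (source, destination, destination port).
SAMPLES = [
    ("192.168.10.5", "203.0.113.10", 80),   # proxy to the Internet
    ("192.168.10.2", "203.0.113.25", 25),   # mail server to the Internet
    ("192.168.10.50", "203.0.113.10", 80),  # ordinary LAN host going direct
    ("198.51.100.7", "192.168.10.3", 21),   # Internet to FTP server One
    ("198.51.100.7", "192.168.10.4", 21),   # Internet to FTP server Two
    ("192.168.10.50", "192.168.10.4", 21),  # internal user to FTP server Two
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(pkt, "->", decide(*pkt))
```
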


Examples Firewall Rules
