Firewall Configuration
This chapter describes how to use firewall policies to establish and control connectivity through the DFL-500
firewall. This chapter contains the following sections:
• Policies
• Controlling connections from the Internet
• Controlling connections to the Internet
• Addresses
• Services
• Schedules
• Users and authentication
• Virtual IPs
• IP/MAC binding
• Traffic shaping
Policies
By default the DFL-500 firewall allows all connections from the internal network to the Internet and blocks all
connections from the Internet. Customizing the firewall configuration involves creating firewall policies to allow
some connections that are blocked by default and to block or control some connections that are allowed by
default. Before customizing the configuration of your DFL-500, you need to understand firewall policies.
Firewall policies are instructions that the firewall uses to decide what to do with a connection request. Policies
contain information used to identify the characteristics of a connection request. Identifying information
consists of the source address, destination address, and network service (or port number) used by the
connection request. Identifying information also includes the time and date on which the firewall receives the
connection request.
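The following Python model is an added illustration, not D-Link code or DFL-500 configuration syntax. It shows how the four identifying attributes (source address, destination address, service port, and time/date) combine with the default behavior described above. The direction labels, field names, sample addresses, and the first-match evaluation order are assumptions made for the example, and NAT and virtual IPs are left out.

```python
from dataclasses import dataclass
from datetime import datetime, time
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Policy:
    direction: str        # "int_to_ext" or "incoming" (hypothetical labels)
    source: str           # network the source address must fall in
    destination: str      # network the destination address must fall in
    port: Optional[int]   # service port; None means any service
    days: frozenset       # schedule weekdays, 0 = Monday
    start: time           # schedule start time
    end: time             # schedule end time
    action: str           # "accept" or "deny"

    def matches(self, direction, src, dst, port, when):
        # A request matches only if every identifying attribute agrees.
        return (direction == self.direction
                and ip_address(src) in ip_network(self.source)
                and ip_address(dst) in ip_network(self.destination)
                and self.port in (None, port)
                and when.weekday() in self.days
                and self.start <= when.time() <= self.end)

# Default behaviour from the text: internal-to-Internet allowed, Internet-originated blocked.
DEFAULT_ACTION = {"int_to_ext": "accept", "incoming": "deny"}

def decide(policies, direction, src, dst, port, when):
    # Assumption: policies are checked in list order and the first match wins.
    for policy in policies:
        if policy.matches(direction, src, dst, port, when):
            return policy.action
    return DEFAULT_ACTION[direction]

# Constructed sample policies and addresses.
ALL_WEEK = frozenset(range(7))
WORKDAYS = frozenset(range(5))
POLICIES = [
    Policy("incoming", "0.0.0.0/0", "192.168.1.10/32", 80,
           ALL_WEEK, time(0, 0), time(23, 59, 59), "accept"),
    Policy("int_to_ext", "192.168.1.0/24", "0.0.0.0/0", 21,
           WORKDAYS, time(9, 0), time(17, 0), "deny"),
]

if __name__ == "__main__":
    monday = datetime(2024, 1, 8, 10, 0)
    print(decide(POLICIES, "incoming", "203.0.113.5", "192.168.1.10", 80, monday))
    print(decide(POLICIES, "incoming", "203.0.113.5", "192.168.1.10", 22, monday))
    print(decide(POLICIES, "int_to_ext", "192.168.1.50", "203.0.113.5", 21, monday))
```

A request that matches no policy falls through to the default for its direction, which is why an unlisted inbound port stays blocked and an outbound request outside the schedule is still allowed.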
This section contains the following information about policies:
• Types of policies
• Policy information
• Default policy
• Adding policies
• Editing policies
• Policy matching
• Arranging policies in the policy list
Types of policies
In NAT mode you can create the following types of policies:
• Int to Ext that control connections from the Internal network to the Internet
• Incoming that control connections from the Internet to the internal network
In Transparent mode you can create the following types of policies:
• Outgoing that control connections from the Internal network to the Internet
• Incoming that control connections from the Internet to the internal network
DFL-500 User's Manual