Semi-Private Zone Firewall Templates - Avaya 3.7 Configuration Manual

Release 3.7

Table 36: Private low security firewall rules

| Rule Name | Action | Source | Destination | Service | Direction | Zone | Keep State | Description |
|---|---|---|---|---|---|---|---|---|
| InBoundPrivateDenyAccess | Deny | Any | ManagementNet | Any | In | Private | No | Traffic to ManagementNet is denied. |
| InBoundPrivatePermitAll | Permit | Any | Any | Any | In | Private | Yes | Permit WI/VMGR and VPN, clear traffic to PUBLIC |
| OutBoundPrivateDenyAccess | Deny | DMZNet | Any | Any | Out | Private | No | Deny traffic from and SemiPrivateNet |
| OutBoundPrivateDenyAll | Permit | Any | Any | Any | Out | Private | Yes | Permit incoming VPN |

Semi-private zone firewall templates

A semi-private network interface provides connection to a network whose equipment can be
made physically secure, but whose medium is vulnerable to attack (such as a Wireless network
used within a corporation's Private network infrastructure).

Because wireless connections cannot be easily controlled, strict firewall policy should be
enforced on the semi-private interface to limit the access from the semi-private zone to VPN
traffic. Clear traffic to Private and Management zones is not allowed. Common services to DMZ
are allowed and clear traffic to Public is allowed.

The semi-private high security rules are enforced for both incoming and outgoing packets as
follows.

Incoming traffic to the semi-private zone allowed includes:

- VPN traffic. The VPN tunnel endpoints could be semi-private IP or Public IP.
- Ping, DNS
- ICMP unreachable packets

The following clear traffic is allowed:

- The source is semi-private and the destination is DMZ servers, with the following common
  services: PING, FTP control, Passive Data FTP, SSH, Telnet, HTTP, HTTPS, POP3, IMAP,
  SMTP, and NNTP.
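
The semi-private zone policy described above, modelled as an ordered rule list in the column layout of Table 36, with a check for rules that can never fire. This is an added example, not code from the Avaya manual or product. It assumes first-match evaluation with an implicit default deny, uses hypothetical rule names and zone labels, and covers only the VPN and clear-traffic statements (Ping, DNS and ICMP unreachable handling is left out).

```python
from typing import NamedTuple

ANY = "Any"
# Common services the text allows from the semi-private zone to DMZ servers.
DMZ_SERVICES = frozenset({"PING", "FTP control", "Passive Data FTP", "SSH", "Telnet",
                          "HTTP", "HTTPS", "POP3", "IMAP", "SMTP", "NNTP"})

class Rule(NamedTuple):
    name: str            # hypothetical names, not the product's template rule names
    action: str          # "Permit" or "Deny"
    source: str          # zone name or ANY
    destination: str     # zone name or ANY
    services: frozenset  # empty frozenset means any service

def covers(rule, source, destination, service):
    return (rule.source in (ANY, source)
            and rule.destination in (ANY, destination)
            and (not rule.services or service in rule.services))

def evaluate(rules, source, destination, service):
    """First matching rule wins (assumed semantics); no match means Deny."""
    for rule in rules:
        if covers(rule, source, destination, service):
            return rule.action, rule.name
    return "Deny", "implicit-default"

def shadowed(rules):
    """Names of rules fully covered by one earlier rule, so they can never fire."""
    dead = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if (earlier.source in (ANY, later.source)
                    and earlier.destination in (ANY, later.destination)
                    and (not earlier.services
                         or (later.services and later.services <= earlier.services))):
                dead.append(later.name)
                break
    return dead

# The policy from the text: VPN anywhere, no clear traffic to Private/Management,
# common services to DMZ, clear traffic to Public.
SEMI_PRIVATE = [
    Rule("SemiPrivPermitVPN", "Permit", "SemiPrivate", ANY, frozenset({"VPN"})),
    Rule("SemiPrivDenyPrivate", "Deny", "SemiPrivate", "Private", frozenset()),
    Rule("SemiPrivDenyManagement", "Deny", "SemiPrivate", "Management", frozenset()),
    Rule("SemiPrivPermitDMZ", "Permit", "SemiPrivate", "DMZ", DMZ_SERVICES),
    Rule("SemiPrivPermitPublic", "Permit", "SemiPrivate", "Public", frozenset()),
]
# Constructed misordering: a broad permit placed first shadows every later rule.
MISORDERED = [Rule("PermitAll", "Permit", "SemiPrivate", ANY, frozenset())] + SEMI_PRIVATE
```

Running `shadowed()` over a rule list before deploying it flags a deny rule that a broader earlier permit has made unreachable, which is the ordering that Table 36 avoids by listing each deny ahead of its permit-all rule.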
Issue 4 May 2005
305


This manual is also suitable for:

Vpnmanager
