Example 6: Controlling Access At Corporate Headquarters - Watchguard V10 User Manual

2
Reconfigure all of the computers in the private
network to use a default gateway corresponding to
interface 0 of the Firebox Vclass appliance. In this
example, the gateway is 126.20.20.1.
3
Create three separate policies, permitting access to
different servers in the DMZ network.
4
Define an email service for the DMZ interface, enabling
subscribers to send email.
5
Create a policy to allow all employees on the Private
interface to access the Internet.
When you have finished, the complete set of policies
should resemble this list, and be listed in exactly this order
in the Policies table:
Name
Allow_Public_
Webserver
Allow_Subscribers_
Email
Allow_DMZ_
SendMail
Allow_Subscribers_
FTP
Allow_Outbound
IP addresses are shown for these examples. You must define
a separate address group entry for each policy.
Example 6: Controlling access at corporate
headquarters
Lubec Corporation wants to augment an existing corporate
firewall to provide the following access controls:
• Only authorized internal network users can surf the
Internet during working hours. All other users have
access only during non-work hours.
Firebox Vclass User Guide
Src Dest
ANY 127.10.10.4
*
ANY 127.10.10.3
*
127.10.10.3 ANY
*
ANY 127.10.10.2
*
ANY ANY
N
OTE
Firewall Policy Examples
Srvc In Action
HTTP 1 Pass
Email 1 Pass
Email 2 Pass
FTP 1 Pass
ANY 0 Pass
219