Table of Contents
Advertisement
6
GUI: Firewall Settings
Adding a rule
On the Advanced filtering page:
1 Click Add next to the interface for which your want to create a rule.
2 The Add Advanced Filter page appears.
The following sections are available for configuration:
Matching:
To apply a firewall rule, a match must be made between IP addresses or ranges
and ports. Use the Source Address and Destination Address drop-down lists
to define the coupling of source and destination traffic. Port matching will be
defined when selecting protocols. For example, if the FTP protocol is selected,
port 21 will be checked for matching traffic flow between the defined source
and destination IPs.
Operation:
This is where the action the rule will take is defined. Select one of the following
radio buttons:
Drop
Deny access to packets that match the source and destination IP addresses
and vCP reset to the origination peer.
Accept
Allow access to packets that match the source and destination IP addresses
and protocol ports defined in upper section of the screen. The data transfer
session will be handled using Stateful Packet Inspection (SPI).
Accept Packet
Allow access to packets that match the source and destination IP addresses
and protocol ports defined in upper section of the screen. The data transfer
session will not be handled using Stateful Packet Inspection (SPI), so other
packets that match this rule will not be automatically allowed access. This
setting is useful when creating rules that allow broadcasting.
Logging:
Select Log Packets Matched by This Rule to add entries relating to this rule
to the security log. For more information, see
When should this rule occur?
Allows you to specify when the rule must be active. Select:
Always if advanced filtering needs to be active all the time.
DMS-CTC-20110909-0007 v2.0
"6.9 Security Log" on page
70.
68
Advertisement
Table of Contents
Troubleshooting
