For example, if Dynamic Web Content Filtering is to be enabled with an IP Policy object then the
associated Service object must have its Protocol property set to HTTP.
Application control is the one IP policy option which does not require the Service object to have
its Protocol property set since application control does not make use of an ALG.
Viewing the IP Rules Created by IP Policies
IP Policy objects are implemented in the background using IP Rule objects. These background IP
rules cannot be viewed through the Web Interface. However, they can be viewed in the output
from the following CLI command:
gw-world:/> rules
Usually, the administrator never needs to be aware of the IP rules that are used to implement an
IP policy.
Example 3.35. Setting up a Policy to Allow Connections to a DMZ
In this example, new HTTP connections will be allowed from the internal lan_net network on the
lan interface to the network dmz_net on the dmz interface.
Command-Line Interface
gw-world:/> add IPPolicy SourceInterface=lan
            SourceNetwork=lan_net
            DestinationInterface=dmz
            DestinationNetwork=dmz_net
            Service=http-all
            Name=lan_to_dmz
            Action=Allow
Web Interface
1. Go to: Policies > Firewalling > Add > IP Policy
2. Now enter:
   • Name: lan_to_dmz
   • Action: Allow
   • Source Interface: lan
   • Source Network: lan_net
   • Destination Interface: dmz
   • Destination Network: dmz_net
   • Service: http-all
3. Select OK
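The following is an added example, not part of the manual or of NetDefendOS: a small offline check that parses an add IPPolicy command like the one in Example 3.35 and flags an Allow policy that omits a filter parameter or uses a catch-all object. The catch-all names any, all-nets and all_services are assumptions and should be adjusted to the objects defined on the firewall.

```python
import shlex

# Parameters that the manual's Example 3.35 sets on the policy.
REQUIRED = ("Name", "Action", "SourceInterface", "SourceNetwork",
            "DestinationInterface", "DestinationNetwork", "Service")
# Assumed names of catch-all objects; adjust to the firewall's own objects.
WILDCARDS = {"SourceInterface": {"any"}, "DestinationInterface": {"any"},
             "SourceNetwork": {"all-nets"}, "DestinationNetwork": {"all-nets"},
             "Service": {"all_services"}}

def parse_add_ippolicy(text):
    """Parse an 'add IPPolicy key=value ...' command, possibly wrapped over lines."""
    tokens = shlex.split(text)
    if tokens and tokens[0].endswith(":/>"):  # drop a CLI prompt such as gw-world:/>
        tokens = tokens[1:]
    if [t.lower() for t in tokens[:2]] != ["add", "ippolicy"]:
        raise ValueError("not an 'add IPPolicy' command")
    props = {}
    for tok in tokens[2:]:
        key, sep, value = tok.partition("=")
        if not sep or not key or not value:
            raise ValueError(f"malformed parameter: {tok!r}")
        if key in props:
            raise ValueError(f"duplicate parameter: {key}")
        props[key] = value
    return props

def audit(props):
    """Return a list of findings; an empty list means the policy is fully scoped."""
    findings = [f"missing {k}" for k in REQUIRED if k not in props]
    if props.get("Action") == "Allow":
        for key, wild in WILDCARDS.items():
            if props.get(key) in wild:
                findings.append(f"{key}={props[key]} is a catch-all in an Allow policy")
    return findings

# The command from Example 3.35, wrapped over several lines.
MANUAL_CMD = """gw-world:/> add IPPolicy SourceInterface=lan
    SourceNetwork=lan_net DestinationInterface=dmz DestinationNetwork=dmz_net
    Service=http-all Name=lan_to_dmz Action=Allow"""
# Constructed sample of an over-broad policy, for contrast.
BROAD_CMD = ("add IPPolicy SourceInterface=any SourceNetwork=all-nets "
             "DestinationInterface=dmz DestinationNetwork=dmz_net "
             "Service=all_services Action=Allow")

if __name__ == "__main__":
    for cmd in (MANUAL_CMD, BROAD_CMD):
        props = parse_add_ippolicy(cmd)
        print(props.get("Name", "<unnamed>"), audit(props) or "ok")
```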
Chapter 3: Fundamentals