Firewall
Configuring the Firewall Access Rules to Control Inbound and Outbound Traffic
Configuring the Firewall Access Rules to Control Inbound and
Outbound Traffic
NOTE
Cisco ISA500 Series Integrated Security Appliance Administrator Guide
The zone-based firewall access rules can permit or deny inbound or outbound
traffic based on the zone, service, source and destination address. It includes the
following sections:
•
Default Firewall Settings, page 178
•
Priorities of Firewall Access Rules, page 180
•
Preliminary Tasks for Configuring the Firewall Access Rules, page 180
•
General Settings for Configuring the Firewall Access Rules, page 181
•
Configuring a Firewall Access Rule, page 183
•
Configuring a Firewall Access Rule to Allow the Multicast Traffic,
page 185
For detailed firewall configuration examples, see
Configuration Examples, page
Default Firewall Settings
By default, your firewall prevents all traffic from a lower security level to a higher
security level (commonly known as Inbound) and allows all traffic from a higher
security level to a lower security level (commonly known as Outbound). If you want
to allow some inbound access or prevent some outbound access, you must
configure the firewall access rules.
The following table lists the default access control settings for the traffic between
different security levels. For more information about the security level definition for
zones, see
Security Levels for Zones, page
From\To
Trusted(100)
Trusted(100)
Deny
VPN(75)
Deny
Firewall Access Rule
187.
128.
VPN(75)
Public(50)
Permit
Permit
Deny
Permit
6
GUEST(25)
Untrust(0)
Permit
Permit
Permit
Permit
178