Configuring The Firewall Access Rules To Control Inbound And Outbound Traffic; Default Firewall Settings - Cisco ISA500 Series Administration Manual

Firewall

Configuring the Firewall Access Rules to Control Inbound and Outbound Traffic

Configuring the Firewall Access Rules to Control Inbound and
Outbound Traffic
NOTE
Cisco ISA500 Series Integrated Security Appliance Administrator Guide
The zone-based firewall access rules can permit or deny inbound or outbound
traffic based on the zone, service, source and destination address. It includes the
following sections:
• Default Firewall Settings, page 178
• Priorities of Firewall Access Rules, page 180
• Preliminary Tasks for Configuring the Firewall Access Rules, page 180
• General Settings for Configuring the Firewall Access Rules, page 181
• Configuring a Firewall Access Rule, page 183
• Configuring a Firewall Access Rule to Allow the Multicast Traffic,
page 185
For detailed firewall configuration examples, see
Configuration Examples, page

Default Firewall Settings

By default, your firewall prevents all traffic from a lower security level to a higher
security level (commonly known as Inbound) and allows all traffic from a higher
security level to a lower security level (commonly known as Outbound). If you want
to allow some inbound access or prevent some outbound access, you must
configure the firewall access rules.
The following table lists the default access control settings for the traffic between
different security levels. For more information about the security level definition for
zones, see Security Levels for Zones, page
From\To
Trusted(100)
Trusted(100) Deny
VPN(75) Deny
Firewall Access Rule
187.
128.
VPN(75) Public(50)
Permit Permit
Deny Permit
6
GUEST(25) Untrust(0)
Permit Permit
Permit Permit
178