Default Security Policy - Check Point UTM-1 Edge User Manual

Internet security appliance

Security Policy Enforcement
The UTM-1 appliance uses the unique, patented INSPECT engine to enforce the
configured security policy and to control traffic between networks. The INSPECT engine
examines all communication layers and extracts only the relevant data, enabling highly
efficient operation, support for a large number of protocols and applications, and easy
extensibility to new applications and services.

Planning the UTM-1 Firewall Security Policy
Before creating a security policy for your system, answer the following questions:
• Which services, including customized services and sessions, are allowed across the network?
• Which user permissions and authentication schemes are needed?
• Which objects are in the network? Examples include gateways, hosts, networks, routers, and domains.
• Which network objects can connect to others, and should the connections be encrypted?
• What should be the event logging policy?
• Which Quality of Service (QoS) classes will you need?

Default Security Policy

The UTM-1 default security policy includes the following rules:
• Access is blocked from the WAN (Internet) to all internal networks (LAN, DMZ, primary WLAN, VLANs, VAPs, and OfficeMode).
• Access is allowed from the internal networks to the WAN, according to the firewall security level (Low/Medium/High).
• Access is allowed from the LAN network to the other internal networks (DMZ, primary WLAN, VLANs, VAPs, and OfficeMode).
• Access is blocked from the DMZ, primary WLAN, VLAN, VAP, and OfficeMode networks to the other internal networks (including between different VLANs and VAPs).

Chapter 12: Setting Your Security Policy
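
The planning question "which network objects can connect to others" can be checked against the four default rules above before any rule is created. The following is an added example, not part of the Check Point manual or product: the network labels (`WLAN` for the primary WLAN, instance names such as `VLAN:guest`), the function names and the planning sheet are constructed for illustration, and the effect of each Low/Medium/High level is not modeled because the page does not define it.

```python
# Added example: models only the four default rules quoted on this page.
INTERNAL = {"LAN", "DMZ", "WLAN", "VLAN", "VAP", "OfficeMode"}

def kind(net):
    """'VLAN:guest' -> 'VLAN'; instance names after ':' are constructed."""
    return net.split(":", 1)[0]

def default_verdict(src, dst):
    """Return the default decision the page states for traffic src -> dst."""
    s, d = kind(src), kind(dst)
    if src == dst:
        return "not-covered"      # same network: the page states no rule
    if s == "WAN" and d in INTERNAL:
        return "block"            # rule 1
    if s in INTERNAL and d == "WAN":
        return "level-dependent"  # rule 2: set by the Low/Medium/High level
    if s == "LAN" and d in INTERNAL:
        return "allow"            # rule 3
    if s in INTERNAL and d in INTERNAL:
        return "block"            # rule 4, including VLAN<->VLAN, VAP<->VAP
    return "not-covered"

def review(planned):
    """Compare planned (src, dst, want) flows with the defaults and return
    the flows that need a user-defined rule or a manual check."""
    findings = []
    for src, dst, want in planned:
        got = default_verdict(src, dst)
        if got == "level-dependent":
            findings.append((src, dst, "check firewall security level"))
        elif got == "not-covered":
            findings.append((src, dst, "not covered by the default rules"))
        elif got != want:
            findings.append((src, dst, f"needs explicit {want} rule"))
    return findings

# Constructed planning sheet: (source, destination, intended decision)
PLANNED = [
    ("WAN", "DMZ", "allow"),             # a published server in the DMZ
    ("LAN", "DMZ", "allow"),
    ("DMZ", "LAN", "block"),
    ("LAN", "VLAN:guest", "block"),      # the defaults would allow this
    ("VLAN:guest", "VLAN:voip", "block"),
    ("OfficeMode", "LAN", "allow"),      # remote clients reaching the LAN
    ("LAN", "WAN", "allow"),
]

if __name__ == "__main__":
    for finding in review(PLANNED):
        print(*finding, sep=" | ")
```

The flow worth noticing is `LAN` to `VLAN:guest`: the defaults trust the LAN toward every other internal network, so isolating a segment from the LAN takes an explicit rule, while the reverse direction is already blocked.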
