Table of Contents
Advertisement
Chapter 22 Policy
CS-2001 inspects each packet passing through the device to see if it meets the
criteria of any policy. Every packet is processed according to the designated policy,
consequently any packets that do not meet the criteria will not be permitted to pass.
The items of a policy include Source Address, Destination Address, Service,
Schedule, Authentication, VPN Trunk, Action, Log, Statistics, Web Filter, Application
Blocking, IDP, Anti-Virus, Anti-Spam, Mail Archive/ Audit, QoS, MAX. Bandwidth
Per Source IP, MAX. Concurrent Sessions Per IP, MAX. Concurrent Sessions, Quota
Per Session, Quota Per Source IP, Quota Per Day, Forwarding Mode, etc. The IT
administrator could determine the outgoing and incoming service or application of
which data packets should be blocked or processed by configuring these items.
The IT administrator can customize the policy based on the source address, source
port, destination address and destination port of a packet. According to the attribute of
a packet, the policy setting is categorized into:
Outgoing: The packet is from the LAN and heading to the WAN. The IT
administrator can customize the policy for outgoing packets.
Incoming: The packet is from the WAN and heading to the LAN (e.g., when
using IP mapping or virtual server). IT administrators can customize the policy
for incoming packets.
WAN to DMZ: The packet is from the WAN and is heading to the DMZ (e.g.,
when using IP mapping or virtual server). IT administrators can customize the
policy for WAN-to-DMZ packets.
LAN to DMZ : The packet is from LAN and heading to the DMZ. IT
administrators can customize the policy for LAN-to-DMZ packets.
DMZ to WAN : The packet is from the DMZ and heading to the WAN. IT
administrators can customize the policy for DMZ-to-WAN packets.
650
Advertisement
Table of Contents
