Acl Tab - McAfee SG310 Administration Manual

Firewall menu options
Access control
5. In the Exceptions text box, enter the LAN IP address of the appliance.
6. Click OK in each subsequent dialog box until done.

ACL tab

The ACL (Access Control Lists) tab enables configuration of allowed and blocked source and destination hosts using addresses defined on the Addresses page. Access can be blocked or allowed by the source (LAN) IP address or address range, the destination (Internet) host's IP address or address range, or the destination host's name. The source/destination address of the current network request is matched against the list of firewall groups, IP addresses, IP address ranges, and host IP addresses. A successful match allows or blocks the network request as appropriate. There is no performance hit for increasing the size of an IP address range and negligible cost for increasing the number of ranges, groups, or hosts.
Note: All Internet traffic, not just Web traffic, is affected by ACL.
Prerequisites:
• ACLs require previously configured Definitions to allow or deny. Addresses are added through the Definitions menu. Refer to Definitions for further details.
• Access control must be enabled. See Enabling access control.
Configuring ACL
1. From the Firewall menu, click Access control > ACL tab. The Access Control Lists page appears (Figure 212).
Figure 212 ACL tab
2. [Optional] Select allowed source hosts from the Allowed Source Hosts list. The default is None. Available options depend upon the Addresses defined in the Definitions menu.
3. [Optional] Select blocked source hosts from the Blocked Source Hosts list. The default is None. Available options depend upon the Addresses defined in the Definitions menu.
4. [Optional] Select allowed destination hosts from the Allowed Destination Hosts list. The default is None. Available options depend upon the Addresses defined in the Definitions menu.
5. [Optional] Select blocked destination hosts from the Blocked Destination Hosts list. The default is None. Available options depend upon the Addresses defined in the Definitions menu.
6. Click Submit.
Example ACL: Blocked and allowed hosts
This example defines block rules that stop a range of addresses, with an allow rule that exists as an exception to the block rules. Because the allow list is checked before the block list, an allow rule can grant access that overrides the block rule.
In this scenario, the LAN has an address of 10.0.0.0/24. Source hosts numbered 128 and above are allowed access to the LAN, and all source hosts below that range are not allowed access. A block rule for the range 0-127 prevents access by those source hosts. However, there is an exception to this policy: the source host with address 10.0.0.15 requires access. An allow rule can grant access in this circumstance.
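The evaluation order described above, as an added example that is not part of the McAfee manual: a Python model of allow-before-block matching for this scenario, plus a check that lists allow entries overriding a block entry. The entry syntax, the function names, and the "no-match" result for addresses on neither list are assumptions made for the illustration; host names are not handled.

```python
import ipaddress

def parse_entry(text):
    """Turn '10.0.0.15', '10.0.0.0/25' or '10.0.0.0-10.0.0.127' into networks."""
    if "-" in text:
        first, last = (ipaddress.ip_address(p.strip()) for p in text.split("-"))
        return list(ipaddress.summarize_address_range(first, last))
    return [ipaddress.ip_network(text.strip(), strict=False)]

def decide(source_ip, allowed, blocked):
    """Return 'allow', 'block' or 'no-match' for one source address.

    The allow list is consulted first, as the manual states, so an allow
    entry wins over a block entry that covers the same address.
    """
    addr = ipaddress.ip_address(source_ip)
    for verdict, entries in (("allow", allowed), ("block", blocked)):
        if any(addr in net for e in entries for net in parse_entry(e)):
            return verdict
    # Assumption: an address on neither list is left to the rest of the policy.
    return "no-match"

def overridden_blocks(allowed, blocked):
    """List (allow_entry, block_entry) pairs where an allow overlaps a block.

    Every pair is an exception that wins over the block; review each one
    when auditing the lists, since a broad allow can negate a whole block.
    """
    pairs = []
    for a in allowed:
        for b in blocked:
            if any(x.overlaps(y) for x in parse_entry(a) for y in parse_entry(b)):
                pairs.append((a, b))
    return pairs

# Constructed sample mirroring the manual's scenario (LAN 10.0.0.0/24).
ALLOWED_SOURCES = ["10.0.0.15"]
BLOCKED_SOURCES = ["10.0.0.0-10.0.0.127"]

if __name__ == "__main__":
    for ip in ("10.0.0.15", "10.0.0.16", "10.0.0.127", "10.0.0.128"):
        print(ip, decide(ip, ALLOWED_SOURCES, BLOCKED_SOURCES))
    print(overridden_blocks(ALLOWED_SOURCES, BLOCKED_SOURCES))
```
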
McAfee UTM Firewall 4.0.4 Administration Guide
This manual is also suitable for: Sg560, Sg560u, Sg565, Sg580