User manual
- BaseWall VPN 6000 user manual -
20 Low level policy management
20.1 Policies
Policies are the core of the network subsystem. Most advanced features are
based on policies, combined with various special options. Therefore, this
section describes the design of the policy system. The options are
discussed in the following section.
The firewall is designed to block all traffic. It is the function of a policy to allow
traffic. If there are no policies, no Internet packets may enter, leave or pass the
firewall. A policy consists of several routes, a port list and various specials.
Each policy has at least 1 source route and 1 destination route.
You may read a policy like this: “Allow traffic from this address (source route)
to that address (destination route) when the used destination port is part of this
port list.”
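The block-by-default model described above, as an added Python sketch (not BaseWall code). It assumes routes can be modeled as CIDR networks; the policy names and addresses are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Policy:
    name: str
    sources: list        # source routes (assumption: written as CIDR strings)
    destinations: list   # destination routes
    ports: set = field(default_factory=set)  # allowed destination ports

    def __post_init__(self):
        # Each policy has at least 1 source route and 1 destination route.
        if not self.sources or not self.destinations:
            raise ValueError("policy needs at least 1 source and 1 destination route")
        self.sources = [ipaddress.ip_network(r) for r in self.sources]
        self.destinations = [ipaddress.ip_network(r) for r in self.destinations]

    def allows(self, src, dst, dport):
        # "Allow traffic from this address to that address when the used
        # destination port is part of this port list."
        src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        return (any(src in r for r in self.sources)
                and any(dst in r for r in self.destinations)
                and dport in self.ports)


def decide(policies, src, dst, dport):
    """Return the name of a policy that allows the packet, or None (blocked).

    Policies only ever allow, so their order cannot change the verdict.
    """
    for policy in policies:
        if policy.allows(src, dst, dport):
            return policy.name
    return None  # no policy matched: the firewall blocks the traffic


# Constructed sample policy set
POLICIES = [
    Policy("lan-to-web", ["192.168.1.0/24"], ["0.0.0.0/0"], {80, 443}),
    Policy("admin-ssh", ["192.168.1.10/32"], ["10.0.0.5/32"], {22}),
]

if __name__ == "__main__":
    print(decide([], "192.168.1.20", "93.184.216.34", 443))        # no policies
    print(decide(POLICIES, "192.168.1.20", "93.184.216.34", 443))  # web traffic
    print(decide(POLICIES, "192.168.1.20", "10.0.0.5", 22))        # wrong source
```

The third call is blocked even though "lan-to-web" covers the destination address, because port 22 is not in that policy's port list and the source is not in the source route of "admin-ssh".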
The procedure to allow certain traffic therefore consists of the following steps:
➔ Make sure both source and destination routes exist, if not introduce them.
➔ Create a new policy using these routes.
➔ Modify the policy's port list and options to suit your needs.
Various policy options are available to create advanced setups. These options
include: address translation, IPSec encryption, binding to a specific connection,
modification of TCP header fields, etc. Each policy can have one or more of
these options selected.
20.2 Define a new policy
When the interface is in advanced mode (selectable in the “Config” tab)
policies can be created, updated and removed in the “Netview”.
To create a new policy you need to take the following steps:
➔ Make sure no other policy is selected by selecting “none” in the policy
selection pulldown menu.
➔ Open the context menu of a relevant source route by clicking on the route.
➔ Select the red button “(De)Select Source”. This will change the route's
background to red.
➔ Repeat the two steps for all relevant source routes.
➔ Repeat the process for the relevant destination routes, this time choosing
“(De)Select Destination”. These routes will get a green background.
➔ Provide a new name for this policy in the text field next to the “add” button.
➔ Push the “add” button.
➔ Open the port list by selecting the "ports" button.
➔ Modify the port list.
➔ Optionally add specials to the policy, see later in this chapter for the