Specifications
65
Policy
This section provides the Administrator with facilities to set control policies
for packets with different source IP addresses, source ports, destination IP
addresses, and destination ports. Control policies decide whether packets
from different network objects, network services, and applications are able to
pass through the Firewall.
What is Policy?
The DFL-80 uses policies to filter packets. The policy settings are: source
address, destination address, services, permission, packet log, packet statistics,
and flow alarm. Based on its source addresses, a packet can be categorized
into:
(1). Outgoing: A client is in the internal networks while a server is in the
external networks.
(2) Incoming: A client is in the external networks, while a server is in the
internal networks.
(3) To DMZ: A client is either in the internal networks or in the external
networks while, server is in DMZ.
(4) From DMZ: A client is in DMZ while server is either in the internal networks
or in the external networks.
How do I use Policy?
The policy settings are source addresses, destination addresses, services,
permission, log, statistics, and flow alarm. Among them, source addresses,
destination addresses and IP mapping addresses have to be defined in the
Address menu in advance. Services can be used directly in setting up policies,
if they are in the Pre-defined Service menu. Custom services need to be defined
in the Custom menu before they can be used in the policy settings.
If the destination address of an incoming policy is a Mapped IP address or a
Virtual Server address, then the address has to be defined in the Virtual Server
section instead of the Address section.
Step 1. In Address, set names and addresses of
source networks and destination networks.
Step 2. In Service, set services.
Step 3. In Virtual Server, set names and addresses
of mapped IP or virtual server (only applied to
Incoming policies).
Step 4. Set control policies in Policy