User's Manual
Firewall
Configuring the Firewall Access Rules to Control Inbound and Outbound Traffic
Cisco ISA500 Series Integrated Security Appliance Administrator Guide
Configuring a Firewall Access Rule to Allow the Multicast Traffic
By default, multicast traffic from any zone to any zone is blocked by the default
firewall access rules. To allow multicast traffic, you must first uncheck the Block
Multicast Packets box in the Firewall -> Attack Protection page and then
manually create firewall access rules that allow multicast forwarding from a specific
zone to other zones. The security appliance predefines a multicast address for this
purpose.
For example, IGMP Proxy can be active from WAN to LAN. When you enable IGMP
Proxy and want to receive the multicast packets from WAN to LAN, you need to
uncheck the Block Multicast Packets box in the Firewall -> Attack Protection
page, and create a firewall access rule to permit the multicast traffic from WAN to
LAN.
This section provides a configuration example that shows how to create a WAN-to-LAN
access rule to permit the multicast traffic by using the predefined multicast
address.
STEP 1 Click Firewall -> ACL Rules -> Rule.
The ACL Rules window opens.
STEP 2 To add a new access rule, click Add.
After you click Add, the Rule - Add/Edit window opens.
STEP 3 Enter the following information:
• Enable: Click On to enable the firewall access rule.
• From Zone: Choose WAN as the source zone of the traffic.
• To Zone: Choose LAN as the destination zone of the traffic.
• Services: Choose ANY for this rule.
• Source Address: Choose ANY as the source address for this rule.
• Destination Address: Choose the existing address called “Multicast” as the
destination address for this rule. The Multicast address object is predefined
on your security appliance for creating multicast firewall access rules.
• Schedule: Choose Always On for this rule.
• Log: Click Off for this rule. We recommend that you disable the Log feature
for a multicast firewall access rule.
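
The following is an added example, not part of the Cisco guide and not the appliance's own logic: a small Python model of the two conditions described above (the Block Multicast Packets box and a zone-specific access rule), showing which combinations let a multicast packet through. The names Rule, multicast_verdict and WAN_TO_LAN are hypothetical, the sample group address is constructed, and the model assumes the predefined "Multicast" address object covers the IPv4 multicast block 224.0.0.0/4; Services and Source Address are ANY in the rule, so they are not modelled.

```python
import ipaddress
from dataclasses import dataclass

# Assumption: the predefined "Multicast" address object covers the IPv4
# multicast block 224.0.0.0/4; the guide does not give its definition.
MULTICAST = ipaddress.ip_network("224.0.0.0/4")

@dataclass
class Rule:
    from_zone: str
    to_zone: str
    dst: ipaddress.IPv4Network   # destination address object
    action: str = "permit"
    enabled: bool = True

def multicast_verdict(src_zone, dst_zone, dst_ip, rules, block_multicast_packets):
    """Return 'permit' or 'drop' for a multicast packet in this simplified model."""
    dst = ipaddress.ip_address(dst_ip)
    if dst not in MULTICAST:
        raise ValueError("model only covers multicast destinations")
    # Condition 1: the Attack Protection checkbox drops multicast outright.
    if block_multicast_packets:
        return "drop"
    # Condition 2: an enabled rule must match the zone pair and destination.
    for r in rules:
        if r.enabled and (r.from_zone, r.to_zone) == (src_zone, dst_zone) and dst in r.dst:
            return r.action
    # Default access rules block multicast from any zone to any zone.
    return "drop"

# Constructed rule mirroring STEP 3: WAN -> LAN, destination "Multicast".
WAN_TO_LAN = [Rule("WAN", "LAN", MULTICAST)]

if __name__ == "__main__":
    group = "239.1.1.1"  # constructed sample group address
    cases = [
        ("box checked, rule present", "WAN", "LAN", WAN_TO_LAN, True),
        ("box unchecked, no rule", "WAN", "LAN", [], False),
        ("box unchecked, rule present", "WAN", "LAN", WAN_TO_LAN, False),
        ("reverse direction LAN->WAN", "LAN", "WAN", WAN_TO_LAN, False),
    ]
    for label, s, d, rules, box in cases:
        print(f"{label:32} {multicast_verdict(s, d, group, rules, box)}")
```

Only the third case is permitted: the rule opens the WAN-to-LAN direction alone, so multicast between any other zone pair stays blocked by the default rules.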