Manualshelf

CS-500 Content Security Gateway User's Manual

ManualsBrandsPlanet Technology ManualsNetwork CardContent Security Gateway CS-500
161162163164165166167168169170
Content Security Gateway User’s Manual
Step 2: Configure the parameters.
Source Address: Select names of the WAN networks from the drop down list. The drop down
list contains the names of all WAN networks defined in the WAN section of the Address menu.
To create a new source address, please go to the LAN section under the Address menu.
Destination Address: Select the name of the DMZ network from the drop down list. The drop
down list contains the names of the DMZ network created in the Address menu. It will also
contain Mapped IP addresses from the Virtual Server menu that were created for the DMZ
network. To create a new destination address, please go to the Virtual Server menu. (Please
refer to the sections entitled Address and Virtual Server for details)
Service: Select a service from drop down list. The drop down list will contain services defined in
the Custom or Group section under the Service menu. These are services/application that are
allowed to pass from the WAN network to the DMZ network. Choose ANY for all services. To
add or modify these services, please go to the Service menu. (Please refer to the section
entitled Services for details)
Schedule: Select the item listed in the schedule to enable the policy to automatically execute
the function in a certain time and range.
Tunnel: Select the specific VPN tunnel to enable the VPN traffic in Policy rule.
Action: Select Permit or Deny ALL from the drop down list to allow or reject the packets
travelling from the specified WAN network to the DMZ network.
Traffic Log: Select Enable to enable flow monitoring.
Statistics: Select Enable to enable flow statistics.
IDP: Check to enable IDP feature.
Max. Concurrent Sessions: The maximum concurrent sessions that allows to pass through
CS-500. 0 means it is unlimited.
QoS: Select the item listed in the QoS to enable the policy to automatically execute the function
in a certain time and range.
NAT: Select enable to replace Internet user’s IP address with DMZ interface IP, in order to allow
Internet user to access DMZ resource if the DMZ server only allows to be accessed with the
same IP subnet.
Step 3: Click OK.
Modifying a WAN To DMZ policy:
Step 1: In the WAN To DMZ window, locate the name of policy desired to be modified and click its
corresponding Modify option in the Configure field.
- 161 -