User guide

Filtering Outgoing Traffic to the Optional Network

User Guide 69

5 In the fields separated by the word To, either type a port

number and leave the second box blank (for one port), type a

range of port numbers (for range of ports), or type the protocol

number.

NOTE

For a TCP port or a UDP port, specify a port number or a range of

ports. For a protocol, specify an IP protocol number. You cannot

specify a port number for an IP protocol that is not TCP or UDP.

Examples of IP protocols other than TCP and UDP and the

associated numbers are IP protocol 47 for GRE; IP protocol 50 for

ESP. Creating a custom service using an IP protocol is rarely

necessary.

6 Click Add.

The following steps determine how the service is filtered.

7 Select Allow or Deny from the Incoming Filter and Outgoing

Filter drop-down lists.

8 Select Host IP Address, Network IP Address, or Host Range

from the drop-down list at the bottom of the page.

9 Type a single host IP address, a network IP address, or the start

and end of a range of host IP addresses in the applicable

address field.

10 Click Add.

Repeat the previous three steps until all of the address information for

this custom service is set.

11 Click Submit.

Filtering Outgoing Traffic to the Optional Network

You can also define services to filter traffic from the trusted to the

optional interface:

1 Type the IP address of the trusted network in your browser

window to connect to the System Status page of the Firebox® X

Edge.

The default IP address is: https://192.168.111.1

2 From the navigation bar at left, select Firewall => Optional.

The Filter Outgoing Traffic to Optional Network page appears.

3 Select Allow, Deny, or No Rule from the Filter drop-down lists.