Firewall Configuration
Configuring Firewall Rules to Control Inbound and Outbound Traffic
Cisco SA500 Series Security Appliances Administration Guide 110
4
STEP 5 For a LAN to WAN rule only, enter the following information in the Source NAT
Settings area:
• SNAT IP Type: Source Network Address Translation (SNAT) requires re-
writing the source or destination IP address of incoming IP packets as they
pass through the firewall. Choose one of the following options:
- WAN Interface Address: Choose this option to use the IP address of the
WAN inter face.
- Single Address: Choose this option to map outbound traffic to an
external IP address (usually provided by your ISP), and select the IP alias
configured for the WAN interface. If no IP alias is configured, the list is
empty.
STEP 6 Click Apply to save your settings.
Configuring a Firewall Rule for Inbound Traffic
This procedure explains how to configure a firewall rule for the following traffic
flows:
• From the WAN to the LAN
• From the WAN to the DMZ
• From the DMZ to the LAN
If you want to allow incoming traffic, you must make the security appliance’s WAN
port IP address known to the public. This is called “exposing your host.” However,
this public IP address does not necessarily have to be your WAN address. The
security appliance supports multiple public IP addresses on a single WAN
interface. When you create your firewall rule, you can choose whether to associate
the public service with the dedicated WAN address, the optional WAN address, or
another IP address that your ISP has provided to you.
For examples, see Firewall Rule Configuration Examples, page 114.
NOTE In addition to configuring firewall rules, you can use the following methods to
control inbound traffic:
• You can prevent common types of attacks. For more information, see
Configuring Attack Checks, page 118.
To Next Page
Loading...
Need help?
General
