Firewall Configuration
Firewall Rule Configuration Examples
Cisco SA500 Series Security Appliances Administration Guide 115
4
Allowing Inbound Traffic to a Web Server Using a Specified Public IP
Address
Situation: You host a public web server on your local DMZ network. You want to
allow inbound HTTP requests from any outside IP address. Your ISP has provided
a static IP address that you want to expose to the public as your web server
address.
Solution: Add the static IP address (provided by the ISP), to the WAN interface as
an alias and create an inbound rule as For information about configuring aliases,
see Configuring IP Aliases for WAN interfaces, page 106.
Allowing Inbound Traffic from Specified Range of Outside Hosts
Situation: You want to allow incoming video conferencing to be initiated from a
restricted range of outside IP addresses (132.177.88.2 - 132.177.88.254).
Solution: Create an inbound rule as shown below. In the example, connections for
CU-SeeMe (an Internet video-conferencing client) are allowed only from a
specified range of external IP addresses.
Parameter Value
From Zone Insecure (WAN1)
To Zone DMZ
Service HTTP
Action ALLOW always
Source Hosts Any
Internal IP Address 192.168.5.2
External IP Address Dedicated WAN-209.165.201.225
Parameter Value
From Zone INSECURE (Dedicated WAN/Optional WAN)
To Zone Secure (LAN)
Service CU-SEEME:UDP
To Next Page
Loading...
