Cisco WS-CE500 User Manual

Getting Started
Common Configuration Scenarios
Cisco SA500 Series Security Appliances Administration Guide, page 29
Scenario 6: Firewall for Controlling Inbound and Outbound Traffic
By default, all outbound traffic is allowed and all inbound traffic is denied. If you
want to deny some outbound traffic or allow some inbound traffic, you will need to
configure a firewall rule. To prevent unwanted traffic from the Internet, and to
ensure that your employees are using the Internet for approved business
purposes, you can configure various levels of firewall rules. You can configure
rules that apply to a specified IP address, a range of IP addresses, or to everyone
globally.
Consider the following examples of firewall rules:
• Block outbound traffic to certain websites
• Restrict Internet access for certain users
• Allow inbound traffic to your DMZ
• Configure advanced NAT routing
For these scenarios and all situations in which you need an exception from the
default firewall policy, you need to configure firewall rules.
NOTE The default WAN and LAN settings might be sufficient for your deployment, but
consider the steps outlined in Scenario 1: Basic Network Configuration with
Internet Access, page 26.
Configuration tasks for this scenario:
To start configuring your firewall rules, use the Firewall and NAT Rules links on the
Getting Started (Advanced) page. For more information, see Configuring Firewall
Rules to Control Inbound and Outbound Traffic, page 103.
Scenario 7: DMZ for Public Websites and Services
If your business hosts public services such as websites, you need a way to allow
access to those services without exposing your LAN. You can address this
concern by configuring the Optional port of the security appliance for use as a
DMZ (Demarcation Zone or Demilitarized Zone). This zone acts as a separate
network between your private LAN and the Internet. After you configure your
DMZ, you can configure the firewall rules that enable traffic to connect only to the
services that you specify.
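The default policy from Scenario 6 and the DMZ exception from Scenario 7 can be modeled as a small rule evaluator with an audit check for inbound rules that reach the LAN. This is an added example, not code or configuration from the guide or the appliance. Assumptions: first-match rule ordering, the `Rule` fields, the function names, and all addresses are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Default policy stated in the guide: outbound allowed, inbound denied.
DEFAULT = {"outbound": "allow", "inbound": "deny"}
ANY = ("0.0.0.0", "255.255.255.255")  # a rule that applies to everyone globally

@dataclass(frozen=True)
class Rule:
    direction: str               # "outbound" or "inbound"
    action: str                  # "allow" or "deny"
    src: tuple = ANY             # (first, last); a single host is (ip, ip)
    dst: tuple = ANY
    port: Optional[int] = None   # None matches any service

def _in(ip, rng):
    return ip_address(rng[0]) <= ip_address(ip) <= ip_address(rng[1])

def evaluate(rules, direction, src, dst, port):
    """Action for one connection; first matching rule wins (assumption)."""
    for r in rules:
        if (r.direction == direction and _in(src, r.src)
                and _in(dst, r.dst) and r.port in (None, port)):
            return r.action
    return DEFAULT[direction]    # no exception configured: default policy

def lan_exposures(rules, lan_cidr):
    """Inbound allow rules whose destination range overlaps the private LAN."""
    net = ip_network(lan_cidr)
    lo, hi = net.network_address, net.broadcast_address
    return [r for r in rules
            if r.direction == "inbound" and r.action == "allow"
            and ip_address(r.dst[0]) <= hi and ip_address(r.dst[1]) >= lo]

# Constructed sample addresses and rule set (not taken from the guide).
LAN, DMZ_WEB = "192.168.1.0/24", "172.16.2.10"
RULES = [
    # Restrict Internet access for a range of users.
    Rule("outbound", "deny", src=("192.168.1.100", "192.168.1.120")),
    # Block outbound traffic to one site.
    Rule("outbound", "deny", dst=("203.0.113.5", "203.0.113.5")),
    # Allow inbound traffic only to the HTTPS service on the DMZ host.
    Rule("inbound", "allow", dst=(DMZ_WEB, DMZ_WEB), port=443),
]
```

Running `lan_exposures` over a rule set before applying it flags any inbound allow rule, such as one left with a global destination, that would admit Internet traffic to LAN hosts instead of only to the DMZ.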
