Network and System Management
394
ProSecure Unified Threat Management (UTM) Appliance
Each rule lets you specify the desired action for the connections covered by the rule:
• BLOCK always
• BLOCK by schedule, otherwise allow
• ALLOW always
• ALLOW by schedule, otherwise block
The following section summarizes the various criteria that you can apply to inbound rules and
that might increase traffic. For more information about inbound rules, see Inbound Rules
(Port Forwarding) on page 126. For detailed procedures on how to configure inbound rules,
see Set LAN WAN Rules on page 130 and Set DMZ WAN Rules on page 133.
When you define inbound firewall rules, you can further refine their application according to
the following criteria:
• Services. You can specify the services or applications, or groups of services or
applications to be covered by an inbound rule. If the desired service or application does
not display in the list, you need to define it using the Services screen (see Service-Based
Rules on page 123 and Add Customized Services on page 152).
• WAN destination IP address. For the multiple WAN port models only, you can specify
the destination IP address for incoming traffic. Traffic is directed to the specified address
only when the destination IP address of the incoming packet matches the IP address of
the selected WAN interface. For the single WAN port models, the WAN Destination IP
Address is a fixed field.
• LAN users. You can specify which computers on your network are affected by an
inbound rule. There are several options:
- Any. The rule applies to all PCs and devices on your LAN.
- Single address. The rule applies to the address of a particular PC.
- Address range. The rule applies to a range of addresses.
- Groups. The rule is applied to a group of PCs. (You can configure groups for LAN
WAN outbound rules but not for DMZ WAN outbound rules.) The Known PCs and
Devices table is an automatically maintained list of all known PCs and network
devices and is generally referred to as the network database, which is described in
Manage the Network Database on page 107. PCs and network devices are entered
into the network database by various methods, which are described in Manage
Groups and Hosts (LAN Groups) on page 106.
- IP Groups. The rule applies to a group of individual LAN IP addresses. Use the IP
Groups screen (under the Network Security main navigation menu) to assign IP
addresses to groups. For more information, see Create IP Groups on page 156.
• WAN users. You can specify which Internet locations are covered by an inbound rule,
based on their IP address:
- Any. The rule applies to all Internet IP address.
- Single address. The rule applies to a single Internet IP address.
- Address range. The rule applies to a range of Internet IP addresses.
To Next Page
Loading...
Need help?
General
