
Quantum CHECK POINT SPARK 1500 Series User Manual

300 pages
Working with the Firewall Access Policy
Quantum Spark 1500, 1600 and 1800 Appliance Series R80.20.40 Locally Managed Administration Guide | 164
Firewall Policy
In the Access Policy > Firewall Policy page you can manage the Firewall Rule Base. You can create, edit, delete, enable or disable rules.
In the Access Policy > Firewall Blade Control page you determine the basic firewall policy mode:
• In Standard mode, this page shows you both automatically generated rules based on the configuration of your default policy and manually defined rules as exceptions to this default policy.
• In Strict mode, all access is blocked by default and this page is the only way to configure access rules for your organization.
The Rule Base is divided into two sections. Each of the two sections represents a different security policy: how your organization browses to the Internet (the world outside your organization), and the security policy to access your organization's resources (both from within and from outside your organization). At the top of the page there are three links that let you see both or only one of the sections.
• Outgoing access to the Internet - For all outgoing traffic rules. In this Rule Base you determine the policy to access the Internet outside your organization. Commonly the policy here is to allow the basic traffic, but you can block applications and URLs at your company's discretion. In the Access Policy > Firewall Blade Control page you can configure the default policy to block applications and URLs. This page lets you add manual rules as exceptions to the default policy. You can also customize messages that are shown to users for specified websites when they are blocked or accepted by the Rule Base (see below). You can also use an Ask action for applications or URLs that lets the end user determine whether browsing is for work-related purposes or not. For example, we recommend you add a rule that asks the users before browsing to uncategorized URLs. Such a rule can disrupt possible bot attacks.
• Incoming, internal and VPN traffic - For all incoming, internal and VPN traffic rules. In this Rule Base, you determine the policy to access your organization's resources. All internal networks, wireless networks, and external VPN sites are considered part of your organization and traffic to them is inspected in this Rule Base. Commonly the policy here is to block traffic from outside your organization into it and allow traffic within your organization.
In Standard mode, you can configure in various pages a more granular default policy:
• Traffic from specific sources into your organization can be blocked or accepted by default. This configuration can be found in each specific source's edit mode:
  ◦ External VPN sites - Configure default access from/to VPN > Site to Site Blade Control page.
  ◦ Remote Access VPN users - Configure default access from VPN > Remote Access Blade Control page.
  ◦ Wireless networks - Configure default access for each wireless network from the Access tab in each wireless network's edit window in the Device > Wireless Network page.
  ◦ DMZ network - Configure default access from the DMZ object's edit window in the Device > Local Network page.
    Note - DMZ is not supported in 1530 / 1550 appliances.
• Traffic to defined server objects as configured in each server's edit window in the Access Policy > Firewall Servers page.
