Defining Firewall Servers
R81.10.X Quantum Spark 1500, 1600, 1800, 1900, 2000 Appliances Locally Managed Administration Guide|226
Step 3: Access
1. Select the zones from which the server is accessible:
n
All zones (including the Internet) - Select this option to create a server that anyone
from outside the organization can access. This option requires configuring how the
server is accessible through NAT (in the next step).
n
Only trusted zones (my organization) - Select the applicable checkboxes. You can
override these settings by adding manual access rules.
l
LAN - Physical internal networks.
l
Remote Access VPN users - Users that connect from their homes/mobile
devices to the office.
l
Secure wireless networks - Password protected networks, not including
guest networks.
l
DMZ - The network physically connected to the DMZ port when it is not used
for a secondary Internet connection.
Note - DMZ is not supported in 1530 / 1550 appliances.
l
Remote VPN sites - Networks defined behind gateways to remote VPN sites.
2. If you do not want the server to be accessible to pings, clear the Allow access to server in
the ICMP (ping) checkbox.
3. Select the logging policy of traffic to the server:
n
Log blocked connections
n
Log accepted connections
Step 4: NAT (when server is accessible from the Internet)
The server's configured IP address (x.x.x.x) is public - This option is only relevant if the Hide
internal networks behind the Gateway's external IP address checkbox in the Access Policy
> NAT Control page is cleared (see above for details). It means there are no NAT rules on the
server.
When you complete the wizard, the server is added to the list of servers on the page and the
automatically generated access rules are added to the Access Policy > Firewall Policy Rule
Base.
Note - This page is available from the Firewall and NAT sections on the Access
Policy tab.
To Next Page
Loading...
