Chapter 6
Security
RUGGEDCOM ROX II
CLI User Guide
1. Make sure the CLI is in Configuration mode.
2. Delete the host by typing:
no security firewall fwconfig firewall fwhost name
Where:
• firewall is the name of the firewall
• name is the name of the host
3. Type commit and press Enter to save the changes, or type revert and press Enter to abort.
Section 6.9.12
Managing Policies
Policies define the default actions for establishing a connection between different firewall zones. Each policy
consists of a source zone, a destination zone and an action to be performed when a connection request is
received.
The following example illustrates the policies for establishing connections between a local network and the
Internet.
Policy   Source Zone   Destination Zone   Action
1        Loc           Net                ACCEPT
2        Net           All                DROP
3        All           All                REJECT
Each policy controls the connection between the source and destination zones. The first policy accepts all
connection requests from the local network to the Internet. The second policy drops or ignores all connection
requests from the Internet to any device on the network. The third policy rejects all other connection requests and
sends a TCP RST or an ICMP destination-unreachable packet to the client.
The order of the policies is important. If the last policy in the example above were to be the first policy, the firewall
would reject all connection requests.
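The ordering effect described above can be checked with a small first-match model of the example table. This is an added illustration, not ROX II code: the function names are hypothetical, and it assumes that policies are evaluated top-down with the first match winning and that "All" matches any zone.

```python
# Added illustration: a first-match model of the zone policy table above.
# Not ROX II code; zone names and actions are taken from the example table.
ANY = "All"  # wildcard zone, as used in the example table

EXAMPLE = [  # (source zone, destination zone, action), in table order
    ("Loc", "Net", "ACCEPT"),
    ("Net", ANY, "DROP"),
    (ANY, ANY, "REJECT"),
]

def covers(policy_zone, zone):
    """True if a policy's zone field matches the given zone."""
    return policy_zone == ANY or policy_zone == zone

def decide(policies, src, dst):
    """Return (1-based policy number, action) of the first matching policy."""
    for number, (p_src, p_dst, action) in enumerate(policies, start=1):
        if covers(p_src, src) and covers(p_dst, dst):
            return number, action
    return None, None  # nothing matched; outcome is undefined in this model

def shadowed(policies):
    """Numbers of policies that can never match because a single earlier
    policy already covers every connection they describe."""
    dead = []
    for i, (src, dst, _) in enumerate(policies):
        for e_src, e_dst, _ in policies[:i]:
            if covers(e_src, src) and covers(e_dst, dst):
                dead.append(i + 1)
                break
    return dead

if __name__ == "__main__":
    reordered = [EXAMPLE[2], EXAMPLE[0], EXAMPLE[1]]  # REJECT moved to the top
    for name, table in (("documented order", EXAMPLE), ("reordered", reordered)):
        print(name)
        for src, dst in (("Loc", "Net"), ("Net", "Loc"), ("Loc", "Loc")):
            print(f"  {src} -> {dst}: {decide(table, src, dst)}")
        print("  shadowed policies:", shadowed(table))
```

A non-empty result from shadowed() on a planned policy order indicates entries that will never take effect, which is worth checking before committing the configuration.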
NOTE
The source and destination zones must be configured before a policy can be created. For more
information about zones, refer to Section 6.9.9, “Managing Zones”.
NOTE
Policies for specific hosts or types of traffic can be overridden by rules. For more information about
rules, refer to Section 6.9.15, “Managing Rules”.
CONTENTS
• Section 6.9.12.1, “Viewing a List of Policies”
• Section 6.9.12.2, “Adding a Policy”
• Section 6.9.12.3, “Configuring the Source Zone”
• Section 6.9.12.4, “Configuring the Destination Zone”
• Section 6.9.12.5, “Deleting a Policy”