Version 5.2 Sourcefire 3D System Installation Guide 43
Understanding Deployment
Deployment Options
Chapter 2
• Allow access to a private network service.
When a public network accesses your private network, NAT translates your
public address to your private network address. The public network can
access your specific private network address.
• Redirect traffic between multiple private networks.
When a server on a private network accesses a server on a connected
private network, NAT translates the private addresses between the two
private networks to ensure there is no duplication in private addresses and
traffic can travel between them.
Using policy-based NAT removes the need for additional hardware and
consolidates the configuration of your intrusion detection or prevention system
and NAT into a single user interface. For more information, see Using NAT
Policies in the Sourcefire 3D System User Guide.
Deploying with Access Control
LICENSE: Any
SUPPORTED DEVICES: Any
Access control is a policy-based feature that allows you to specify, inspect, and
log the traffic that can enter, exit, or travel within your network. The following
section describes how access control can function in your deployment. See the
Sourcefire 3D System User Guide for more information on this feature.
An access control policy determines how the system handles traffic on your
network. You can add access control rules to your policy to provide more granular
control over how you handle and log network traffic.
An access control policy that does not include access control rules uses one of
the following default actions to handle traffic:
• block all traffic from entering your network
• trust all traffic to enter your network without further inspection
• allow all traffic to enter your network, and inspect the traffic with a network discovery policy only
• allow all traffic to enter your network, and inspect the traffic with intrusion and network discovery policies
Access control rules further define how traffic is handled by targeted devices,
from simple IP address matching to complex scenarios involving different users,
applications, ports, and URLs. For each rule, you specify a rule action, that is,
whether to trust, monitor, block, or inspect matching traffic with an intrusion or
file policy.
Access control can filter traffic based on Security Intelligence data, a feature that
allows you to specify the traffic that can traverse your network, per access control
policy, based on the source or destination IP address. This feature can create a
blacklist of disallowed IP addresses whose traffic is blocked and not inspected.
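The following Python model is an added illustration, not Sourcefire code, of the evaluation order this section describes: the Security Intelligence blacklist decides first (blocked traffic is never inspected), then access control rules in order, then the policy default action. The sample networks, rule names, and the treatment of the monitor action as log-and-continue are assumptions of the model.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
# The four default actions the guide lists: (verdict, inspection policies applied).
DEFAULT_ACTIONS = {
    "block_all": ("block", []),
    "trust_all": ("trust", []),
    "allow_discovery_only": ("allow", ["network discovery"]),
    "allow_intrusion_and_discovery": ("allow", ["intrusion", "network discovery"]),
}
@dataclass
class Rule:
    name: str
    action: str          # "trust", "monitor", "block" or "inspect"
    src: str = ""        # CIDR; empty string matches any address
    dst: str = ""
    dst_port: int = 0    # 0 matches any port
    def matches(self, flow):
        for net, addr in ((self.src, flow["src"]), (self.dst, flow["dst"])):
            if net and ip_address(addr) not in ip_network(net):
                return False
        return self.dst_port in (0, flow["dst_port"])

@dataclass
class Policy:
    blacklist: list      # Security Intelligence networks (CIDR strings)
    rules: list          # evaluated top to bottom
    default_action: str  # key into DEFAULT_ACTIONS

def evaluate(policy, flow):
    """Return (verdict, inspections, reason) for one flow dict."""
    src, dst = ip_address(flow["src"]), ip_address(flow["dst"])
    # 1. Security Intelligence: blacklisted src/dst is blocked, never inspected.
    for net in policy.blacklist:
        if src in ip_network(net) or dst in ip_network(net):
            return "block", [], "security-intelligence:" + net
    # 2. Rules in order. Assumed here: "monitor" only logs, evaluation continues.
    for rule in policy.rules:
        if rule.matches(flow) and rule.action != "monitor":
            inspections = ["intrusion", "file"] if rule.action == "inspect" else []
            verdict = "allow" if rule.action == "inspect" else rule.action
            return verdict, inspections, "rule:" + rule.name
    # 3. Nothing decisive matched: fall back to the policy default action.
    verdict, inspections = DEFAULT_ACTIONS[policy.default_action]
    return verdict, inspections, "default-action"

# Constructed sample policy, not configuration from the guide.
SAMPLE = Policy(["198.51.100.0/24"],
                [Rule("trust-backups", "trust", "10.0.0.0/8", "10.9.0.5/32", 873),
                 Rule("inspect-web", "inspect", dst_port=443)],
                "allow_discovery_only")
```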