Firewall Policy Examples
Firebox Vclass User Guide 215
rized users are allowed to gain external access. Unauthorized users are still blocked.
1 Use the Account Manager to create end-user access accounts for each individual to be allowed Internet access during working hours.
2 Distribute login IDs, passwords, and connection instructions to these users so that they can connect through the firewall.
3 Create an “Allow_User” firewall policy using the parameters shown below.
4 Add the “9to5M-F” schedule from Example 2 to this policy so that it takes effect only between 9am and 5pm, Monday through Friday. This permits the “Allow_HTTP” policy to be active outside the specified office hours, at which time all users can surf the Internet.
5 Before this group of authorized users can access the Internet, they must first authenticate their access request so that they can proceed through the firewall. They would do so by entering the following URL in their Web browser: https://126.20.20.1/user.html
In this URL, the “126.20.20.1” entry represents the IP address of interface 0.
Name          Src  Dest  Service  In  Firewall           NAT/LB       Schd
Allow_User    ANY  ANY   HTTP     0   Pass/Authenticate  Dynamic NAT  9to5M-F
Allow_HTTP    ANY  ANY   HTTP     0   Pass               Dynamic NAT
Allow_MAIL    ANY  ANY   POP3     0   Pass               Dynamic NAT
Deny_Private  ANY  ANY   ANY      0   Block
Deny_Public   ANY  ANY   ANY      0   Block
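
The following Python sketch is an added example, not code from the Firebox Vclass guide or from WatchGuard. It models how the policy table above resolves an outbound request and is useful for checking the intended behaviour before deploying the policies. It assumes top-down, first-match evaluation, a schedule window of 09:00 up to but not including 17:00, and an implicit deny when nothing matches; the function names are hypothetical.

```python
from datetime import datetime

# Policy table from the page, in listed order. Top-down, first-match
# evaluation is an assumption of this sketch, not a documented fact.
POLICIES = [
    # name,          service, action,              schedule
    ("Allow_User",   "HTTP",  "Pass/Authenticate", "9to5M-F"),
    ("Allow_HTTP",   "HTTP",  "Pass",              None),
    ("Allow_MAIL",   "POP3",  "Pass",              None),
    ("Deny_Private", "ANY",   "Block",             None),
    ("Deny_Public",  "ANY",   "Block",             None),
]

def in_schedule(name, when):
    """Return True if the named schedule is active at `when`."""
    if name is None:
        return True  # policies without a schedule are always active
    if name == "9to5M-F":
        # Monday (0) to Friday (4), 09:00 up to but not including 17:00
        return when.weekday() < 5 and 9 <= when.hour < 17
    raise ValueError(f"unknown schedule {name!r}")

def evaluate(service, when, authenticated):
    """Return (policy_name, verdict) for an outbound request."""
    for name, svc, action, schedule in POLICIES:
        if svc not in ("ANY", service):
            continue  # service does not match this policy
        if not in_schedule(schedule, when):
            continue  # policy is inactive outside its schedule
        if action == "Pass/Authenticate":
            # Only users who have logged in at the firewall's
            # user.html page pass; everyone else is blocked here.
            return name, "pass" if authenticated else "block"
        return name, action.lower()
    return None, "block"  # assumed implicit deny

if __name__ == "__main__":
    # Constructed sample times: a Monday morning and a Monday evening.
    for when in (datetime(2024, 1, 8, 10, 0), datetime(2024, 1, 8, 20, 0)):
        for auth in (True, False):
            print(when, "authenticated" if auth else "anonymous",
                  evaluate("HTTP", when, auth))
```
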