Chapter 25 Security Policy
UAG Series User’s Guide
301
Figure 215 Security Policy Example: Doom Rule in Summary
25.5 Security Policy Example Applications
Suppose you decide to block LAN users from using IRC (Internet Relay Chat) through the Internet.
To do this, you would configure a LAN to WAN security policy that blocks IRC traffic from any source
IP address from going to any destination address. You do not need to specify a schedule since you
need the security policy to always be in effect. The following figure shows the results of this rule.
Figure 216 Blocking All LAN to WAN IRC Traffic Example
Your security policy would have the following settings.
• The first row blocks LAN access to the IRC service on the WAN.
• The second row is the security policy’s default policy that allows all LAN1 to WAN traffic.
The UAG applies the security policies in order. So for this example, when the UAG receives traffic
from the LAN, it checks it against the first rule. If the traffic matches (if it is IRC traffic) the security
policy takes the action in the rule (drop) and stops checking the subsequent security policies. Any
traffic that does not match the first security policy will match the second policy and the UAG
forwards it.
Table 134 Blocking All LAN to WAN IRC Traffic Example
# USER SOURCE DESTINATION SCHEDULE SERVICE ACTION
1 Any Any Any Any IRC Deny
2 Any Any Any Any Any Allow
To Next Page
Loading...
