Chapter 25 Security Policy
UAG Series User’s Guide
302
Now suppose you need to let the CEO use IRC. You configure a LAN1 to WAN security policy that
allows IRC traffic from the IP address of the CEO’s computer. You can also configure a LAN to WAN
policy that allows IRC traffic from any computer through which the CEO logs into the UAG with his/
her user name. In order to make sure that the CEO’s computer always uses the same IP address,
make sure it either:
• Has a static IP address,
or
• You configure a static DHCP entry for it so the UAG always assigns it the same IP address (see
DHCP Settings on page 192 for information on DHCP).
Now you configure a LAN1 to WAN security policy that allows IRC traffic from the IP address of the
CEO’s computer (172.16.1.7 for example) to go to any destination address. You do not need to
specify a schedule since you want the security policy to always be in effect. The following figure
shows the results of your two custom rules.
Figure 217 Limited LAN to WAN IRC Traffic Example
Your security policy would have the following configuration.
• The first row allows the LAN1 computer at IP address 172.16.1.7 to access the IRC service on the
WAN.
• The second row blocks LAN1 access to the IRC service on the WAN.
• The third row is the security policy’s default policy of allowing all traffic from the LAN1 to go to
the WAN.
Alternatively, you configure a LAN1 to WAN security policy with the CEO’s user name (say CEO) to
allow IRC traffic from any source IP address to go to any destination address.
Table 135 Limited LAN1 to WAN IRC Traffic Example 1
# USER SOURCE DESTINATION SCHEDULE SERVICE ACTION
1 Any 172.16.1.7 Any Any IRC Allow
2 Any Any Any Any IRC Deny
3 Any Any Any Any Any Allow
To Next Page
Loading...
