Chapter 29 Secure Policy
ZyWALL Series CLI Reference Guide
29.2.3 Secure Policy Command Examples
These are IPv4 secure policy configuration examples. The IPv6 secure policy commands are similar.
The following example shows you how to add an IPv4 secure policy rule to allow a MyService
connection from the WAN zone to the IP addresses Dest_1 in the LAN zone.
• Enter configuration command mode.
• Create an IP address object.
• Create a service object.
• Enter the secure policy sub-command mode to add a secure policy rule.
• Set the direction of travel of packets to which the rule applies.
• Set the destination IP address(es).
• Set the service to which this rule applies.
Table 115 Secure Policy Style Commands
COMMAND
DESCRIPTION

secure-policy-style {general | advance}
Enables or disables multiple profiles for the following security services:
• Anti-virus
• DNS Filter
• Threat website
• IDP (Intrusion Detection and Prevention)
• Anti-spam
general: Multiple profiles are disabled for the listed security services. This is the default option. When the Zyxel Device is set to this mode, a profile named default_profile maps to the settings in the Web Configurator UI.
advance: Multiple profiles are enabled for the listed security services.
Note: To change the mode from advance to general, ensure that the inspect policy of each of the listed security services is set to all-traffic.

secure-policy-style advance all-inspect-by-policy
Enables multiple profiles for the following security services, and also sets all security services to inspect by policy.
• Anti-virus
• URL Threat Filter
• IDP (Intrusion Detection and Prevention)
• Anti-spam
Inspect by policy means a security service inspects traffic only when its profile is bound to a security policy.
For information on binding a security service profile to a security policy, see Section 29.2.1 on page 226.

show secure-policy-style status
Displays the current secure policy style setting (general or advanced).

show security-service inspect status
Displays the inspect policy setting (all traffic or by policy) for each security service.