Chapter 20 Security Policy
USG20(W)-VPN Series User’s Guide
330
20.6 Security Policy Example Applications
Suppose you decide to block LAN users from using IRC (Internet Relay Chat) through the Internet.
To do this, you would configure a LAN to WAN Security Policy that blocks IRC traffic from any source
IP address from going to any destination address. You do not need to specify a schedule since you
need the Security Policy to always be in effect. The following figure shows the results of this policy.
Figure 219 Blocking All LAN to WAN IRC Traffic Example
Your Security Policy would have the following settings.
• The first row blocks LAN access to the IRC service on the WAN.
• The second row is the Security Policy’s default policy that allows all LAN1 to WAN traffic.
User Select a user name or user group to which to apply the rule. The rule is activated only
when the specified user logs into the system and the rule will be disabled when the user
logs out.
Otherwise, select any and there is no need for user logging.
Note: If you specified an IP address (or address group) instead of any in the field below, the
user’s IP address should be within the IP address range.
Address Select the IPv4 source address or address group to which this rule applies. Select any to
apply the rule to all IPv4 source addresses.
IPv6 Address Select the IPv6 source address or address group to which this rule applies. Select any to
apply the rule to all IPv6 source addresses.
Session Limit per
Host
Use this field to set a limit to the number of concurrent NAT/Security Policy sessions this
rule’s users or addresses can have.
For this rule’s users and addresses, this setting overrides the Default Session per Host
setting in the general Security Policy Session Control screen.
OK Click OK to save your customized settings and exit this screen.
Cancel Click Cancel to exit this screen without saving.
Table 129 Configuration > Security Policy > Session Control > Add / Edit (continued)
LABEL DESCRIPTION
Table 130 Blocking All LAN to WAN IRC Traffic Example
# USER SOURCE DESTINATION SCHEDULE UTM PROFILE ACTION
1 Any Any Any Any IRC Deny
2 Any Any Any Any Any Allow
To Next Page
Loading...
