2.1.7. Setting up a Firewall Policy

2.1.7.1. Default Value : Firewall Policy

By default, no Firewall Policy is set up, so you need to set one up according to your environment.

2.1.7.2. Setting Items : Firewall Policy

The setting items of a Firewall Policy are described below:

Items

Values

Descriptions

ID

(Auto-Assign)

This ID is assigned automatically, based on creation order. NOTE: You can NOT edit the ID itself.
Also note that this ID is NOT based on the sorting order.

Move rule

Any of [ No Move ] , [ Move before ] or [ Move after ]

Specify the sorting order of this policy.
When you select either [ Move before ] or [ Move after ], you will be asked to enter the [ move_index ] item.
  • [ No Move ] : Adds the current policy under the existing policies.

  • [ Move before ] : Inserts the current policy above the ID designated at [ move_index ].

  • [ Move after ] : Inserts the current policy below the ID designated at [ move_index ].

The added policy is displayed on the lowest line until the new settings are applied by clicking [ Apply configuration ].
After you click [ Apply configuration ], the current policy is sorted into the order you specified for each Interface.

Enable

Either [ □ ] (checkbox cleared) or [ ✔ ] (checkbox marked)

If you mark the [ Enable ] checkbox on the Object screen of a Firewall Policy, the relevant policy becomes valid.

Incoming Interface

Port 4 - Port 10

Select the [ Incoming Interface ], from among Port 4 - Port 10, for the inbound traffic of the current Firewall Policy.

Source Address

(either [ Address Object ] or [ Address Group ])

Select the Source IP Address to which the current Firewall Policy applies.

Outgoing Interface

Port 4 - Port 10

Select the [ Outgoing Interface ] for the outbound traffic of the current Firewall Policy.

Destination Address Type

(either [ Address Object ] or [ NAT Object ])

Select the destination type to which the current policy applies.

  • [ Address Object ] : Selects one address from among the addresses assigned to the Port specified as the Outgoing Interface.

  • [ NAT Object ] : Selects one NAT Object from among the Destination NAT Objects for which the Port specified as the Incoming Interface is also registered as an External Interface.

Service

(either [ Service Object ] or [ Service Group ])

Select the service to which this Firewall Policy applies.

Action

Either [ ACCEPT ] or [ DENY ]

Select the Action that this Policy applies.
  • [ ACCEPT ] : This action accepts the traffic. (This will be handled by the UTM function.)

  • [ DENY ] : This action rejects the traffic. ( This meaning that a UTM function does do processing.)

Once you select [ DENY ], you can NOT set up either the NAT or the UTM functions.

NAT

Either [ □ ] (checkbox cleared) or [ ✔ ] (checkbox marked)

When you mark this checkbox, specifying a Source NAT becomes active (valid).

Log

Specify one of [ All ], [ Disable ], or [ Security Log ].

Select how the log is handled when traffic matches the current Firewall Policy.
  • [ All ] : Both the traffic log and the UTM log are active (valid).

  • [ Disable ] : Makes the relevant log [ Inactive ].

  • [ Security Log ] : Only the UTM log is active (valid); the communication log is not recorded. If you select [ All ] when Action is set to [ DENY ], only the communication log is active (valid). In this case, [ Security Log ] cannot be chosen.

Antivirus (Effective only with Managed UTM.)

(Antivirus Profiles)

Select the Antivirus profile to be active when you select [ ACCEPT ] as the [ Action ].

IPS (Effective only with Managed UTM.)

( Default IPS Profile )

Select the Profile whose IDS / IPS functions will be active (valid) when you set [ ACCEPT ] as the [ Action ].
  • [ IDS_Monitor ] : Detects / Inspects (without any Block)

  • [ IPS_Block ] : Blocks after Inspection / Detection

Web Filter (Effective only with Managed UTM.)

Web Filter Profile

Select the Web Filtering profile to be active when you set [ ACCEPT ] as the [ Action ].

Spam Filter (Effective only with Managed UTM.)

Spam Filter Profile

Select the Spam Filter profile to be valid when you set [ ACCEPT ] as the [ Action ].

Scan Ports (Effective only with Managed UTM.)

Scan Port Profile

Select the profile of ports to be scanned by Antivirus, Web Filter and Spam Filter, which will be active when you set [ ACCEPT ] as the [ Action ].

Comment

(Half-width alphabetical characters and half-width numbers)

Enter a comment if desired.
Write your comment in less than 225 characters. You can NOT use two-byte characters, such as Japanese.

The following are additional setting items that apply when you mark the NAT checkbox.

Items

Values

Descriptions

NAT mode

Either [ Use Outgoing Interface Address ] or [ Use NAPT Object ]

Select a NAT mode.
  • [ Use Outgoing Interface Address ] : Uses the IP address assigned to the port designated as the Outgoing Interface, as described above.

  • [ Use NAPT Object ] : Lets you select and use the source address pool of a Source NAT defined in advance.

NAPT Object

(Source NAT Object)

If you select [ Use NAPT Object ] as the NAT mode, you need to select a Source NAT Object.



2.1.7.3. How to Add Firewall Policy

  1. Click Firewall Policy from the left-side Object screen.
    Object ‣ Firewall Policy ‣ Firewall Policy

    Click [ Add ] under Firewall Policy on the right-side screen.

    Click Add


  2. Click [ Save ] after you enter the setting values.
    Refer to Firewall Policy : Setting Items for more information on the setting items.

    Save Policy

    Note

    • Be mindful of the sorting order of Firewall Policies, because they are evaluated one by one in ascending order. As soon as a Firewall Policy matches, that policy is applied. NOTE: The ID is assigned in Policy creation order, not in alphabetical order.

    • Even after [ Move before ] or [ Move after ] is specified on the policy Object screen, the screen displays policies in the order they were added until the Firewall Policy has been applied by clicking [ Apply configuration ].

    • UTM Function is displayed only when Managed UTM is used.


  3. Apply configuration to the device by clicking [Save].

    Save Config
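
The ordering rule in the Note above (policies are evaluated in sorted order, the first match is applied, and the ID reflects creation order only) can be checked offline with a small model. The following is an added example, not code from this product: the Policy fields, the CIDR stand-ins for Address Objects, the single-port Service and all function names are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Policy:
    id: int              # auto-assigned in creation order, not evaluation order
    iface: str           # Incoming Interface
    src: str             # Source Address as CIDR (stand-in for an Address Object)
    dst: str             # Destination Address as CIDR
    port: Optional[int]  # Service as one TCP port; None means any (simplification)
    action: str          # "ACCEPT" or "DENY"

def place(order, policy, move="No Move", move_index=None):
    """Return the evaluation order after adding `policy` with a Move rule."""
    order = list(order)
    if move == "No Move":
        return order + [policy]          # lands under the existing policies
    pos = next(i for i, p in enumerate(order) if p.id == move_index)
    order.insert(pos if move == "Move before" else pos + 1, policy)
    return order

def covers(a, b):
    """True if every packet that b matches is also matched by a."""
    net = ipaddress.ip_network
    return (a.iface == b.iface
            and net(b.src).subnet_of(net(a.src))
            and net(b.dst).subnet_of(net(a.dst))
            and (a.port is None or a.port == b.port))

def first_match(order, iface, src, dst, port):
    """Walk the list top-down; the first matching policy decides."""
    probe = Policy(0, iface, f"{src}/32", f"{dst}/32", port, "")
    for p in order:
        if covers(p, probe):
            return p.id, p.action
    return None, None   # no policy matched; the page does not state the outcome

def shadowed(order):
    """(policy_id, hidden_by_id) for each policy an earlier one fully covers."""
    return [(later.id, earlier.id)
            for i, later in enumerate(order)
            for earlier in order[:i] if covers(earlier, later)]

# Constructed sample: a broad ACCEPT created first, a narrow DENY created second.
P1 = Policy(1, "Port 4", "10.0.0.0/8", "192.168.10.0/24", None, "ACCEPT")
P2 = Policy(2, "Port 4", "10.1.2.0/24", "192.168.10.0/24", 22, "DENY")
appended = place([P1], P2)                    # No Move: order is ID 1, ID 2
moved = place([P1], P2, "Move before", 1)     # order is ID 2, ID 1
```

With [ No Move ], the DENY for port 22 sits under the broad ACCEPT and is never reached, which `shadowed(appended)` reports; placing it with [ Move before ] and move_index 1 makes it effective.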



2.1.7.4. How to Change Firewall Policy : [ Edit / Duplicate / Remove ]

  1. Click Firewall Policy from the left-side Object screen.
    Object ‣ Firewall Policy ‣ Firewall Policy

    Select the line you want to change on the right-side screen. Next, click the operation button you need.

    Click Change


    The following describes the respective buttons of Firewall Policy.

    Buttons

    Descriptions

    Edit

    Modify the settings of your selected Firewall Policy.

    Move Up

    Move your selected Firewall Policy up one line.

    Move Down

    Move your selected Firewall Policy down one line.

    Duplicate

    Once you duplicate your selected Firewall Policy, the Firewall Policy setting screen opens with the same setting values as the duplicated one.
    This is useful for defining another Firewall Policy with the same values.

    Remove

    Remove your selected Firewall Policy.


    Note

    • Be mindful of the sorting order of Firewall Policies, because they are evaluated one by one in ascending order. As soon as a Firewall Policy matches, that policy is applied. NOTE: The ID is assigned in Policy creation order, not in alphabetical order.

    • Even after [ Move before ] or [ Move after ] is specified on the policy Object screen, the screen displays policies in the order they were added until the Firewall Policy has been applied by clicking [ Apply configuration ].

    • UTM Function is displayed only when Managed UTM is used.


    When you delete a policy, a confirmation message is displayed. Click [ OK ] to execute the deletion.

    Confirm Delete Object


  2. Apply configuration to the device by clicking [Save].

    Save Config