2.2.7. Firewall Policy setting
2.2.7.1. Default Value
2.2.7.2. Setting Items
The setting items of a Firewall Policy are described below:
Items | Values | Descriptions |
---|---|---|
ID | (Auto-Assign) | This ID is automatically assigned. Note that this ID is NOT assigned based on the sorting order. |
Move rule | Any of [ No Move ], [ Move before ] or [ Move after ] | Specify the sorting order of this policy. When you select either [ Move before ] or [ Move after ], you will be asked to input the [ move_index ] item. An added policy is displayed on the lowest line until the new settings are applied by clicking [ Apply configuration ]. After you click [ Apply configuration ], the policies are sorted in your specified order for each Interface. |
Enable | Either [ □ ] (checkbox unmarked) or [ ✔ ] (checkbox marked) | If you mark the [ Enable ] checkbox on the Object screen of a Firewall Policy, the policy becomes valid. |
Incoming Interface | Port [ 4 - 10 ] | Select an [ Incoming Interface ] from Port 4 - Port 10 for the inbound traffic of this Firewall Policy. |
Source Address | (either [ Address Object ] or [ Address Group ]) | Select the Source IP Address to which this Firewall Policy applies. |
Outgoing Interface | Port [ 4 - 10 ] | Select an [ Outgoing Interface ] for the outbound traffic of this Firewall Policy. |
Destination Address Type | (either [ Address Object ] or [ NAT Object ]) | Select the destination type to which this policy applies. |
Service | (either [ Service Object ] or [ Service Group ]) | Select the service to which this Firewall Policy applies. |
Action | [ ACCEPT ] or [ DENY ] | Select the Action this Policy applies. Once you select [ DENY ], you can set up neither the NAT function nor the UTM function. |
NAT | Either [ □ ] (checkbox unmarked) or [ ✔ ] (checkbox marked) | Once you mark this checkbox, a Source NAT can be specified. |
Log | One of [ All ], [ Disable ] or [ Security Log ] | Select how logs are handled for traffic to which this Firewall Policy is applied. If Action is DENY, the specifications will be as follows. |
Antivirus (Effective only with Managed UTM.) | (Antivirus Profiles) | Select the Antivirus profile to be active when [ ACCEPT ] is selected as the [ Action ]. |
IPS (Effective only with Managed UTM.) | (Default IPS Profile) | Select the profile whose IDS / IPS functions will be active when [ ACCEPT ] is set as the [ Action ]. |
Web Filter (Effective only with Managed UTM.) | (Web Filter Profile) | Select the Web Filtering profile to be active when [ ACCEPT ] is set as the [ Action ]. |
Spam Filter (Effective only with Managed UTM.) | (Spam Filter Profile) | Select the Spam Filtering profile to be active when [ ACCEPT ] is set as the [ Action ]. |
Scan Ports (Effective only with Managed UTM.) | (Scan Ports Profile) | Select the profile of ports scanned by Antivirus, Web Filter and Spam Filter, which will be active when [ ACCEPT ] is set as the [ Action ]. |
Detecting Botnet C&C Server | Block or Monitor or Disable | Select the behavior when communication with the C&C server is detected. |
Comment | (Half-width alphabetic characters & half-width numbers) | Enter a comment if you like, using less than 225 letters. You can NOT use any two-byte characters, such as Japanese. |

Items | Values | Descriptions |
---|---|---|
NAT mode | Either [ Use Outgoing Interface Address ] or [ Use NAPT Object ] | Select a NAT mode. |
NAPT Object | ( Source NAT Object ) | If you select [ Use NAPT Object ] as the NAT mode, you need to select a Source NAT Object. |
Note
For an HA configuration, [ Use Outgoing Interface Address ] cannot be selected.
2.2.7.3. Adding Firewall Policy
- Click the Routing from the left-side Object screen: Firewall Policy ‣ Firewall Policy
Click [ Add ] under Firewall Policy on the right-side screen.
- Input the setting values according to Setting Items : Firewall Policy, then click [ Save ].
Note
Be mindful of the sorting order of Firewall Policies: they are evaluated one by one in ascending order, and as soon as a Firewall Policy matches, that policy is applied. NOTE: The ID is assigned in policy creation order, not in alphabetical order.
Even after [ Move before ] or [ Move after ] is specified on the policy Object screen, the screen displays policies in the order they were added until the configuration is applied by clicking [ Apply configuration ].
UTM Function is displayed only when Managed UTM is used.
Apply the configuration to the device by clicking [ Apply configuration ].
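The ordering rule in the note above, as an added example (not part of the original manual or the product): a Python sketch of first-match evaluation and a check for policies that an earlier, broader policy makes unreachable. The CIDR strings standing in for Address Objects, the `tcp/445` style service labels and all sample policies are constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Policy:
    id: int        # auto-assigned in creation order; says nothing about evaluation order
    in_if: str     # Incoming Interface
    src: str       # CIDR standing in for an Address Object (assumption)
    out_if: str    # Outgoing Interface
    dst: str       # CIDR standing in for the destination object (assumption)
    service: str   # "tcp/445" style label or "ALL" (assumed notation)
    action: str    # "ACCEPT" or "DENY"
    enabled: bool = True

def first_match(policies, in_if, src, out_if, dst, service):
    """Walk the list top-down; the first enabled policy that matches is applied."""
    for p in policies:
        if (p.enabled and (p.in_if, p.out_if) == (in_if, out_if)
                and ip_address(src) in ip_network(p.src)
                and ip_address(dst) in ip_network(p.dst)
                and p.service in ("ALL", service)):
            return p
    return None

def covers(a, b):
    """True when every flow that matches policy b also matches policy a."""
    return ((a.in_if, a.out_if) == (b.in_if, b.out_if)
            and ip_network(b.src).subnet_of(ip_network(a.src))
            and ip_network(b.dst).subnet_of(ip_network(a.dst))
            and a.service in ("ALL", b.service))

def shadowed(policies):
    """(shadowed ID, shadowing ID) for each policy an earlier one makes unreachable."""
    active = [p for p in policies if p.enabled]
    pairs = []
    for i, later in enumerate(active):
        hit = next((e for e in active[:i] if covers(e, later)), None)
        if hit is not None:
            pairs.append((later.id, hit.id))
    return pairs

# Constructed sample; list position is the evaluation order, not the ID.
BROAD = Policy(1, "Port4", "10.0.0.0/8", "Port5", "0.0.0.0/0", "ALL", "ACCEPT")
BLOCK = Policy(2, "Port4", "10.1.2.0/24", "Port5", "203.0.113.0/24", "tcp/445", "DENY")
BACK = Policy(3, "Port5", "0.0.0.0/0", "Port4", "10.1.2.10/32", "tcp/443", "ACCEPT")
AS_CREATED = [BROAD, BLOCK, BACK]   # DENY sits below the broad ACCEPT
REORDERED = [BLOCK, BROAD, BACK]    # DENY moved before it
FLOW = ("Port4", "10.1.2.7", "Port5", "203.0.113.9", "tcp/445")

if __name__ == "__main__":
    for name, order in (("as created", AS_CREATED), ("reordered", REORDERED)):
        print(name, first_match(order, *FLOW).action, shadowed(order))
```

In the as-created order the DENY policy (ID 2) never takes effect because ID 1 matches first; moving it before ID 1 makes the same flow hit DENY and clears the shadowing report.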
2.2.7.4. How to Change Firewall Policy (Edit / Duplicate / Remove)
- Click the Routing from the left-side Object screen: Firewall Policy ‣ Firewall Policy
Select the line you want to change on the right-side Routing screen, then click the operation button you need.
The following describes the buttons of Firewall Policy.

Buttons | Descriptions |
---|---|
Edit | Modify the settings of your selected Firewall Policy. |
Move Up | Move your selected Firewall Policy up one line. |
Move Down | Move your selected Firewall Policy down one line. |
Duplicate | Once you have duplicated your selected Firewall Policy, the Firewall Policy setting screen opens with the same setting values as the duplicated one. This is useful for defining another Firewall Policy with the same values. |
Remove | Delete the selected Firewall Policy. |

Note
Be mindful of the sorting order of Firewall Policies: they are evaluated one by one in ascending order, and as soon as a Firewall Policy matches, that policy is applied. NOTE: The ID is assigned in policy creation order, not in alphabetical order.
Even after [ Move before ] or [ Move after ] is specified on the policy Object screen, the screen displays policies in the order they were added until the configuration is applied by clicking [ Apply configuration ].
UTM Function is displayed only when Managed UTM is used.
When you delete a policy, a confirmation message is displayed. Click [OK] to execute the deletion.
Apply the configuration to the device by clicking [ Apply configuration ].