2.2.7. Firewall Policy setting

2.2.7.1. Default Value

By default, no Firewall Policy is configured, so you need to create one according to your environment.

2.2.7.2. Setting Items

The setting items of a Firewall Policy are as follows:

Item / Values / Description

ID
  Values: (Auto-Assign)
  Description: The ID is assigned automatically. Note that the ID is NOT listed in sorting order; it reflects the order in which policies were created.

Move rule
  Values: Any of [ No Move ], [ Move before ] or [ Move after ]
  Description: Specifies where this policy is placed in the sorting order. When you select [ Move before ] or [ Move after ], you are also asked to enter [ move_index ], the ID of the reference policy.
  • [ No Move ]: Adds the current policy below the existing policies.

  • [ Move before ]: Inserts the current policy above the policy whose ID is given in [ move_index ].

  • [ Move after ]: Inserts the current policy below the policy whose ID is given in [ move_index ].

  The added policy is displayed on the lowest line until the new settings are applied by clicking [ Apply configuration ]. After you click [ Apply configuration ], the policies are sorted in the specified order for each Interface.

Enable
  Values: Either [ □ ] (checkbox cleared) or [ ✔ ] (checkbox marked)
  Description: When the [ Enable ] checkbox is marked on the Firewall Policy Object screen, the policy is in effect. When it is cleared, the policy is not in effect.

Incoming Interface
  Values: Port [ 4 - 10 ]
  Description: Select the [ Incoming Interface ] (Port 4 to Port 10) on which the traffic matched by this Firewall Policy arrives.

Source Address
  Values: (either [ Address Object ] or [ Address Group ])
  Description: Select the Source Address (an Address Object or Address Group) to which this Firewall Policy applies.

Outgoing Interface
  Values: Port [ 4 - 10 ]
  Description: Select the [ Outgoing Interface ] (Port 4 to Port 10) from which the traffic matched by this Firewall Policy leaves.

Destination Address Type
  Values: (either [ Address Object ] or [ NAT Object ])
  Description: Select the destination type to which this policy applies.
  • [ Address Object ]: Select one address from among the addresses assigned to the Port specified as the Outgoing Interface.

  • [ NAT Object ]: Select one Destination NAT Object from among those whose External Interface is the Port specified as the Incoming Interface.

Service
  Values: (either [ Service Object ] or [ Service Group ])
  Description: Select the service to which this Firewall Policy applies.

Action
  Values: [ ACCEPT ] or [ DENY ]
  Description: Select the Action this policy takes on matching traffic.
  • [ ACCEPT ]: Accepts the traffic. (UTM functions can be applied.)

  • [ DENY ]: Drops the traffic. (UTM functions are not applied.)

  Once you select [ DENY ], neither the NAT function nor the UTM functions can be set.

NAT
  Values: Either [ □ ] (checkbox cleared) or [ ✔ ] (checkbox marked)
  Description: When marked, the Source NAT settings become available (see the additional items below).

Log
  Values: One of [ ALL ], [ Disable ] or [ Security Log ]
  Description: Select how traffic matched by this Firewall Policy is logged.
  • [ ALL ]: Both the traffic log and the UTM log are enabled.

  • [ Disable ]: The log is disabled.

  • [ Security Log ]: Only the UTM log is enabled (no traffic log is recorded).

  When Action is DENY, the behaviour is as follows:
  • [ ALL ]: Only the traffic log is enabled.

  • [ Disable ]: The log of traffic that matches the policy and is discarded is output.

  • [ Security Log ]: Not selectable.

Antivirus (Managed UTM only)
  Values: (Antivirus Profile)
  Description: Select the Antivirus profile to apply when [ Action ] is [ ACCEPT ].

IPS (Managed UTM only)
  Values: (Default IPS Profile)
  Description: Select the profile whose IDS / IPS functions are applied when [ Action ] is [ ACCEPT ].
  • [ IDS_Monitor ]: Detect / inspect only (no blocking)

  • [ IPS_Block ]: Block after detection / inspection

Web Filter (Managed UTM only)
  Values: (Web Filter Profile)
  Description: Select the Web Filter profile to apply when [ Action ] is [ ACCEPT ].

Spam Filter (Managed UTM only)
  Values: (Spam Filter Profile)
  Description: Select the Spam Filter profile to apply when [ Action ] is [ ACCEPT ].

Scan Ports (Managed UTM only)
  Values: (Scan Ports Profile)
  Description: Select the Scan Ports profile, which defines the ports scanned by Antivirus, Web Filter and Spam Filter, to apply when [ Action ] is [ ACCEPT ].

Detecting Botnet C&C Server
  Values: [ Block ], [ Monitor ] or [ Disable ]
  Description: Select the behaviour when communication with a botnet C&C server is detected.
  • [ Block ]: Detect and block

  • [ Monitor ]: Detect only (do not block)

  • [ Disable ]: Do not detect

Comment
  Values: (Half-width alphanumeric characters)
  Description: Enter a comment if you wish, using fewer than 225 characters. Two-byte characters such as Japanese cannot be used.

The following additional setting items are required when you mark the NAT checkbox.

Item / Values / Description

NAT mode
  Values: Either [ Use Outgoing Interface Address ] or [ Use NAPT Object ]
  Description: Select the NAT mode.
  • [ Use Outgoing Interface Address ]: The IP address assigned to the Port specified as the Outgoing Interface (see above) is used as the source address.

  • [ Use NAPT Object ]: A source address pool of a Source NAT Object defined in advance is used.

NAPT Object
  Values: (Source NAT Object)
  Description: When [ Use NAPT Object ] is selected as the NAT mode, select the Source NAT Object to use.

Note

In an HA configuration, [ Use Outgoing Interface Address ] cannot be selected.



2.2.7.3. Adding Firewall Policy

  1. Click [ Firewall Policy ] on the left-side Object screen.
    Firewall Policy ‣ Firewall Policy

    Click [ Add ] at Firewall Policy on the right-side screen.

    Click Add


  2. Enter the setting values and click [ Save ].
    Enter the values described in Setting Items: Firewall Policy.

    Save Policy

    Note

    • Be mindful of the sorting order of the Firewall Policies: they are evaluated one by one in ascending order (from the top of the list), and the first policy that matches is applied. NOTE: The ID is assigned in policy creation order, not in sorting order.

    • Even after [ Move before ] or [ Move after ] is specified on the policy Object screen, the list is displayed in the order in which policies were added until you click [ Apply configuration ].

    • The UTM functions are displayed only when Managed UTM is used.


  3. Apply the configuration to the device by clicking [ Apply configuration ].

    Save Config
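The following Python model is an added example, not code or configuration from the appliance or this manual; the class, field and function names are assumptions chosen for illustration. It reproduces the behaviour described in Setting Items (IDs assigned in creation order, the [ Move before ] / [ Move after ] rule relative to a [ move_index ] ID, the [ Enable ] checkbox, and the constraints on DENY, NAT and HA) and the Note above on first-match evaluation, and shows why a DENY appended below a broad ACCEPT never fires until it is moved above it.

```python
# Added example, not the appliance's own code: a minimal model of the
# Firewall Policy table in 2.2.7.2 and the first-match Note in 2.2.7.3.
# All names below are assumptions chosen for illustration.
from dataclasses import dataclass
import ipaddress


@dataclass
class Policy:
    policy_id: int              # auto-assigned in creation order, NOT a sort key
    incoming: str               # e.g. "Port4"
    outgoing: str               # e.g. "Port5"
    source: str                 # CIDR standing in for an Address Object / Group
    destination: str            # CIDR standing in for the destination object
    service: str                # "<proto>/<port>" or "any"
    action: str                 # "ACCEPT" or "DENY"
    log: str = "ALL"            # "ALL", "Disable" or "Security Log"
    nat: bool = False
    nat_mode: str = ""          # "Use Outgoing Interface Address" / "Use NAPT Object"
    napt_object: str = ""       # Source NAT Object name when nat_mode needs one
    utm_profiles: tuple = ()    # Antivirus / IPS / Web Filter / Spam Filter names
    comment: str = ""           # < 225 half-width characters
    enabled: bool = True        # the [ Enable ] checkbox


def validate(p, ha=False):
    """Return the 2.2.7.2 constraints that policy p violates (empty list = OK)."""
    errors = []
    if p.action not in ("ACCEPT", "DENY"):
        errors.append("Action must be ACCEPT or DENY")
    if p.action == "DENY":
        if p.nat:
            errors.append("NAT cannot be set when Action is DENY")
        if p.utm_profiles:
            errors.append("UTM profiles cannot be set when Action is DENY")
        if p.log == "Security Log":
            errors.append("Security Log is not selectable when Action is DENY")
    if p.nat:
        if p.nat_mode == "Use NAPT Object" and not p.napt_object:
            errors.append("Use NAPT Object requires a Source NAT Object")
        if ha and p.nat_mode == "Use Outgoing Interface Address":
            errors.append("Use Outgoing Interface Address is not available in HA")
    if len(p.comment) >= 225 or not p.comment.isascii():
        errors.append("Comment must be fewer than 225 half-width characters")
    return errors


class PolicyTable:
    """Ordered policy list: IDs count up on creation; position follows the Move rule."""

    def __init__(self):
        self._next_id = 1
        self.rules = []         # evaluation order, top to bottom

    def add(self, fields, move="No Move", move_index=None):
        pol = Policy(self._next_id, **fields)
        self._next_id += 1
        if move == "No Move":                       # appended at the bottom
            self.rules.append(pol)
        else:                                       # relative to the ID in move_index
            pos = next(i for i, r in enumerate(self.rules) if r.policy_id == move_index)
            self.rules.insert(pos + 1 if move == "Move after" else pos, pol)
        return pol.policy_id

    def order(self):
        return [r.policy_id for r in self.rules]

    def match(self, incoming, outgoing, src, dst, service):
        """First-match evaluation; returns the winning Policy or None."""
        for r in self.rules:
            if not r.enabled or r.incoming != incoming or r.outgoing != outgoing:
                continue
            if ipaddress.ip_address(src) not in ipaddress.ip_network(r.source):
                continue
            if ipaddress.ip_address(dst) not in ipaddress.ip_network(r.destination):
                continue
            if r.service not in ("any", service):
                continue
            return r
        return None


def demo():
    """Constructed sample: a DENY appended below a broad ACCEPT never fires."""
    t = PolicyTable()
    lan = dict(incoming="Port4", outgoing="Port5", source="192.168.10.0/24",
               destination="0.0.0.0/0")
    allow_all = t.add(dict(lan, service="any", action="ACCEPT"))        # ID 1
    t.add(dict(lan, service="tcp/22", action="DENY"))                   # ID 2, below ID 1
    ssh = ("Port4", "Port5", "192.168.10.7", "203.0.113.5", "tcp/22")
    shadowed = t.match(*ssh).policy_id                                  # 1: ACCEPT wins
    # Re-add the DENY with [ Move before ] pointing at the ACCEPT rule's ID
    t.add(dict(lan, service="tcp/22", action="DENY"),
          move="Move before", move_index=allow_all)                     # ID 3, above ID 1
    effective = t.match(*ssh).policy_id                                 # 3: DENY wins
    return t.order(), shadowed, effective


if __name__ == "__main__":
    print(demo())   # ([3, 1, 2], 1, 3)
```

The returned order [3, 1, 2] illustrates the Note: the new DENY got ID 3 because IDs follow creation order, yet it sits on the first line, so the ID column tells you nothing about which policy is evaluated first. On the device, the equivalent of the second add is either [ Move before ] on the Object screen or [ Move Up ] from the Firewall Policy list, followed by [ Apply configuration ].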



2.2.7.4. How to Change Firewall Policy (Edit / Duplicate / Remove)

  1. Click [ Firewall Policy ] on the left-side Object screen.
    Firewall Policy ‣ Firewall Policy

    Select the line you want to change on the Firewall Policy screen on the right-hand side, then click the operation button you need.

    Click Change


    The buttons of Firewall Policy are described below.

    Button / Description

    Edit
      Modifies the settings of the selected Firewall Policy.

    Move Up
      Moves the selected Firewall Policy up one line.

    Move Down
      Moves the selected Firewall Policy down one line.

    Duplicate
      Opens the Firewall Policy setting screen with the same setting values as the selected Firewall Policy.
      This is useful when you want to define another Firewall Policy with similar values.

    Remove
      Deletes the selected Firewall Policy.


    Note

    • Be mindful of the sorting order of the Firewall Policies: they are evaluated one by one in ascending order (from the top of the list), and the first policy that matches is applied. NOTE: The ID is assigned in policy creation order, not in sorting order.

    • Even after [ Move before ] or [ Move after ] is specified on the policy Object screen, the list is displayed in the order in which policies were added until you click [ Apply configuration ].

    • The UTM functions are displayed only when Managed UTM is used.


    When you delete a policy, a confirmation message is displayed. Click [ OK ] to execute the deletion.

    Confirm Delete Object


  2. Apply the configuration to the device by clicking [ Apply configuration ].

    Save Config