Setting an IPv4 or IPv6 Firewall Policy

About this task

To define an IPv4 or IPv6 IP Firewall ACL:

Procedure

  1. Select Configuration > Security > IP Firewall.
  2. Expand the IP Firewall menu item and select either the IPv4 ACL or IPv6 ACL menu option.
    Either the IPv4 Firewall Rules screen or the IPv6 Firewall Rules screen displays the existing polices defined thus far.
    Click to expand in new window
    IP Firewall Rules Screen
  3. Select Add to create a new IPv4 or IPv6 firewall rule.
    Select an existing policy and click Edit to modify the attributes of that policy‘s configuration.
  4. Select the added row to expand it into configurable parameters for defining the IPv4 or IPv6 based firewall policy.
    Click to expand in new window
    IPv4 Firewall Rules - Add/Edit Screen
    Click to expand in new window
    IPv6 Firewall Rules - Add/Edit Screen

    IP firewall configurations can either be modified as a collective group of variables or selected and updated individually as their filtering attributes require a more refined update.

    1. Select the Edit Rule icon to the left of a particular IP firewall rule configuration to update its parameters collectively.
      Click to expand in new window
      IP Firewall Rules - Add Criteria Screen
    2. Click the icon within the Description column (top right-hand side of the screen) and select IP filter values as needed to add criteria into the configuration of the IP ACL.
      Click to expand in new window
      IP Firewall Rules - Select Columns Pop-up
      Click to expand in new window
      IP Firewall Rules - Add/Edit - Specific Criteria Pop-up
      Note

      Note

      Only those selected IP ACL filter attributes display. Each value can have its current setting adjusted by selecting that IP ACL‘s column to display a pop-up to adjust that one value.
  5. Define the following IP firewall rule settings as required:
    Precedence Specify or modify a precedence for this IP policy between 1-5000. Rules with lower precedence are always applied to packets first. If modifying a precedence to apply a higher integer, it will move down the table to reflect its lower priority.
    Action Every IP Firewall rule is made up of matching criteria rules. The action defines the packet‘s disposition if it matches the specified criteria. The following actions are supported:
    • Deny - Instructs the firewall to restrict a packet from proceeding to its destination.
    • Permit - Instructs the firewall to allow a packet to proceed to its destination.
    Source Select the source IP address used as basic matching criteria for this IP ACL rule.
    Destination Determine whether filtered packet destinations for this IP firewall rule do not require any classification (any), are designated as a set of configurations consisting of protocol and port mappings (an alias), set as a numeric IP address (host) or defined as network IP and mask. Selecting alias requires a destination network group alias be available or created.
    Protocol Set a service alias as a set of configurations consisting of protocol and port mappings. Both source and destination ports are configurable. Set an alphanumeric service alias (beginning with a $) and include the protocol as relevant.
    Mark Select an IP firewall rule‘s Mark check box to enable or disable event marking and set the rule‘s 8021p or dscp level (from 0 - 7).
    Log Select an IP firewall rule‘s Log check box to enable or disable event logging for this rule‘s usage.
    Enable This option displays for IPv4 based firewalls only. Select an IPv4 firewall rule‘s Enable or Disable icon to determine this rule‘s inclusion with the IP firewall policy.
    Description Lists the administrator assigned description applied to the IP ACL rule. Select a description within the table to modify its character string as filtering changes warrant. Select the icon within the Description table header to launch a Select Columns screen used to add or remove IP ACL criteria from the table.
  6. Select Add to add additional IP firewall rule configurations.
    Select Remove to remove selected IP firewall rules as they become obsolete for filtering network access permissions.
  7. Select OK when completed to update the IP firewall rules.
    Select Reset to revert the screen to its last saved configuration.
9036512-01 Rev AB