Configure a Firewall Policy

If you intend to use a User Profile as a source, create one first. See Add a User Profile.

You can add a firewall policy to control the traffic crossing routers, defining rules that either permit or deny traffic based on its source, destination, and network service type.

  1. Go to Configure > Common Objects > Network > Firewalls.
  2. To add a new firewall policy, select the add icon.
    To edit an existing firewall policy, select the corresponding check box, and then select Edit.
  3. Enter a Name for the policy.
  4. Enter an optional Description.
  5. To add and configure a new rule, select the add icon.
  6. Choose the traffic Source from the drop-down list as follows:
    • Any: Applies to traffic from any source.
    • Network Address: Applies to traffic from an IP address or subnet. Depending on the netmask, the address identifies either a single host or an entire subnetwork, such as a network reserved for one or more types of users (for example, contractors and guests). Choose an existing network address or define a new one.
    • User Profile: Applies to traffic from users assigned a specific user profile. Choose an existing user profile or define a new one.
    • VPN: Applies to all traffic forwarded through an L3 IPsec VPN tunnel. For example, you might apply a rule to traffic tunneled from the main site and other branch sites through the router firewall to destinations behind the router at the local branch site.
  7. Choose the traffic Destination from the drop-down list as follows:
    • Any: Applies to traffic to any destination.
    • Network Address: Applies to traffic to an IP address or subnet. Depending on the netmask, the address identifies either a single host or an entire subnetwork, such as a network reserved for one or more types of users (for example, contractors and guests). Choose an existing network address or define a new one.
    • VPN: Applies to all traffic forwarded through an L3 IPsec VPN tunnel, such as traffic from the local branch site that the router sends through the tunnel toward the main site or other branch sites.
  8. Select Any or an existing Network Service from the drop-down list, or create a new network service.
  9. Choose Permit to pass traffic through the firewall or Deny to block it.
  10. Turn logging ON or OFF to control whether the router records an entry each time the rule is enforced on matching traffic.
  11. Select Add and repeat these steps for each new rule.
    Note

    The router applies firewall rules in order from the top, so rule position matters: place narrow rules (such as a deny for one guest subnet) above broad rules (such as a permit for Any) that would otherwise match the same traffic. To reposition a rule, select it in the table and use the up and down arrows in the Order column.
  12. Select SAVE FIREWALL.
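The following Python model, added here as an illustration and not code from the product or its documentation, shows how the source, destination and service selectors from the procedure above combine into rules and why the order of rules in the table matters. The object names (guest-lan, file-server, https, smb), the Packet and Rule types, and the assumption that the first matching rule decides the outcome are all constructed for this example; the page does not state what the router does with traffic that matches no rule, so that case is reported separately.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

# Constructed objects for this example: the names below are assumptions, not
# objects that exist in any product. They stand in for the Network Address and
# Network Service objects the procedure refers to.
NETWORK_ADDRESSES = {
    "guest-lan": ip_network("10.20.0.0/16"),    # a subnet reserved for guests
    "file-server": ip_network("10.1.10.5/32"),  # a single host (/32 netmask)
}
NETWORK_SERVICES = {  # name -> (protocol, destination port)
    "https": ("tcp", 443),
    "smb": ("tcp", 445),
}


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int
    user_profile: Optional[str] = None  # profile assigned to the sending user, if any
    vpn: bool = False                   # forwarded through an L3 IPsec tunnel


@dataclass(frozen=True)
class Rule:
    source: Tuple[str, ...]       # ("any",), ("network", name), ("profile", name) or ("vpn",)
    destination: Tuple[str, ...]  # ("any",), ("network", name) or ("vpn",)
    service: str                  # "any" or a key of NETWORK_SERVICES
    action: str                   # "permit" or "deny"
    log: bool = False             # log each enforcement of this rule


def _endpoint_matches(selector: Tuple[str, ...], addr: str, pkt: Packet, is_source: bool) -> bool:
    kind = selector[0]
    if kind == "any":
        return True
    if kind == "network":
        return ip_address(addr) in NETWORK_ADDRESSES[selector[1]]
    if kind == "profile":
        if not is_source:
            raise ValueError("User Profile is only offered as a Source in the procedure")
        return pkt.user_profile == selector[1]
    if kind == "vpn":
        return pkt.vpn
    raise ValueError(f"unknown selector {selector!r}")


def _service_matches(service: str, pkt: Packet) -> bool:
    return service == "any" or NETWORK_SERVICES[service] == (pkt.proto, pkt.dport)


def evaluate(policy: List[Rule], pkt: Packet) -> Tuple[str, bool, Optional[int]]:
    """Walk the policy from the top and return (action, logged, rule index) for the
    first rule that matches. Assumption for this example: the first match decides.
    Traffic matching no rule is reported as "unmatched" because the page does not
    state the router's default for that case."""
    for index, rule in enumerate(policy):
        if (_endpoint_matches(rule.source, pkt.src, pkt, True)
                and _endpoint_matches(rule.destination, pkt.dst, pkt, False)
                and _service_matches(rule.service, pkt)):
            return rule.action, rule.log, index
    return "unmatched", False, None


# Two rules whose relative order changes the outcome for guest traffic.
BROAD_PERMIT = Rule(("any",), ("any",), "https", "permit")
GUEST_DENY = Rule(("network", "guest-lan"), ("network", "file-server"), "any", "deny", log=True)


def demo() -> dict:
    """Evaluate the same guest-to-file-server HTTPS packet against both orderings."""
    guest_https = Packet("10.20.3.7", "10.1.10.5", "tcp", 443)
    return {
        "permit_above_deny": evaluate([BROAD_PERMIT, GUEST_DENY], guest_https),
        "deny_above_permit": evaluate([GUEST_DENY, BROAD_PERMIT], guest_https),
    }


if __name__ == "__main__":
    for order, result in demo().items():
        print(order, result)
```

With the broad permit on top, a guest reaching the file server over HTTPS is permitted and the deny rule is never consulted; moving the deny above the permit blocks and logs the same packet. That is the effect of the up and down arrows in the Order column.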