Configure a Router Firewall Policy

Before you begin

If you intend to use a User Profile as a source, create one first. See Add a User Profile.

About this task

You can add a firewall policy to control the traffic passing through routers, defining rules that permit or deny traffic based on its source, destination, and network service type. Rules are evaluated in order from the top, and the first rule that matches a given flow decides whether it is permitted or denied.

Procedure

  1. Enter a name.
  2. Enter an optional description.
  3. Select the plus sign to begin adding rules.
  4. Choose the traffic Source from the drop-down list as follows:
    • Any: Applies to traffic from any source.
    • Network Address: Applies to traffic from a specific IP address or, depending on the netmask, from an entire subnetwork, such as one reserved for particular types of users (contractors or guests, for example). Choose an existing network address or define a new one.
    • User Profile: Applies to specific types of users. Choose an existing user profile or define a new one.
    • VPN: Applies to all traffic forwarded through an L3 IPsec VPN tunnel. For example, you might want to apply a rule to traffic tunneled from the main and other branch sites through the router firewall, to destinations at the branch site behind the router.
  5. Choose the traffic Destination from the drop-down list as follows:
    • Any: Applies to traffic to any destination.
    • Network Address: Applies to traffic to a specific IP address or, depending on the netmask, to an entire subnetwork, such as one reserved for particular types of users (contractors or guests, for example). Choose an existing network address or define a new one.
    • VPN: Applies to all traffic forwarded into an L3 IPsec VPN tunnel. For example, you might want to apply a rule to traffic from hosts at the branch site behind the router that is tunneled through the router firewall to the main site or to other branch sites.
  6. Select Any or an existing Network Service from the drop-down list, or create a new network service.
  7. Choose Permit to pass traffic through the firewall or Deny to block it.
  8. Turn logging ON or OFF to record a log entry each time the rule is enforced. Logging is most useful on deny rules, and on any broad permit rule whose traffic you want to audit.
  9. Select Add and repeat these steps for each new rule.
    Note

    The router applies firewall rules in order from the top, and the first matching rule decides. Place specific deny rules above broader permit rules; a broad permit placed higher makes a narrower deny below it unreachable, so the traffic it was meant to block is permitted. To reposition a rule, select it in the table and use the up and down arrows in the Order column.
  10. Select SAVE FIREWALL.
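The following is an added illustration of the first-match, top-down evaluation the procedure describes; it is not code from the product or its vendor. It models a policy as a list of rules with the same five fields you fill in above (source, destination, network service, action, logging), evaluates constructed sample flows against a misordered policy and a corrected one, and flags rules that an earlier, broader rule makes unreachable. The selector syntax ("any", a CIDR, "profile:<name>", "vpn", "<proto>/<port>"), the sample rule names and addresses, and the implicit default of deny are all assumptions made for the example.

```python
"""Top-down, first-match firewall policy model with shadowed-rule detection.

Added example, not vendor code. The selector syntax, sample addresses,
rule names and the implicit default action are assumptions for illustration.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Flow:
    src: str                             # source IP address
    dst: str                             # destination IP address
    user_profile: Optional[str] = None   # profile of the sending user, if known
    via_vpn: bool = False                # True if the flow traverses an L3 IPsec tunnel
    proto: str = "tcp"
    dport: int = 0


@dataclass(frozen=True)
class Rule:
    name: str
    source: str        # "any" | CIDR | "profile:<name>" | "vpn"
    destination: str   # "any" | CIDR | "vpn"
    service: str       # "any" | "<proto>/<port>", e.g. "tcp/22"
    action: str        # "permit" | "deny"
    log: bool = False


def _endpoint_matches(selector: str, ip: str, profile: Optional[str], via_vpn: bool) -> bool:
    if selector == "any":
        return True
    if selector == "vpn":
        return via_vpn
    if selector.startswith("profile:"):
        return profile == selector.split(":", 1)[1]
    return ipaddress.ip_address(ip) in ipaddress.ip_network(selector, strict=False)


def _service_matches(selector: str, proto: str, dport: int) -> bool:
    if selector == "any":
        return True
    sel_proto, sel_port = selector.split("/")
    return sel_proto == proto and int(sel_port) == dport


def rule_matches(rule: Rule, flow: Flow) -> bool:
    # Destinations carry no user profile, so only the source selector can use "profile:".
    return (_endpoint_matches(rule.source, flow.src, flow.user_profile, flow.via_vpn)
            and _endpoint_matches(rule.destination, flow.dst, None, flow.via_vpn)
            and _service_matches(rule.service, flow.proto, flow.dport))


def evaluate(policy: List[Rule], flow: Flow, default: str = "deny") -> Tuple[str, str, bool]:
    """Walk the rules top to bottom; the first match decides.

    Returns (action, rule name, whether the matching rule logs). The default
    when nothing matches is an assumption of this example.
    """
    for rule in policy:
        if rule_matches(rule, flow):
            return rule.action, rule.name, rule.log
    return default, "implicit default", False


def _covers(broad: str, narrow: str) -> bool:
    """True if selector `broad` matches every flow that selector `narrow` matches."""
    if broad == "any" or broad == narrow:
        return True
    try:
        return ipaddress.ip_network(narrow, strict=False).subnet_of(
            ipaddress.ip_network(broad, strict=False))
    except ValueError:   # "vpn", "profile:..." or "<proto>/<port>" compared with a CIDR
        return False


def shadowed_rules(policy: List[Rule]) -> List[Tuple[str, str]]:
    """Rules that can never fire because an earlier rule already covers everything they match."""
    found = []
    for i, later in enumerate(policy):
        for earlier in policy[:i]:
            if (_covers(earlier.source, later.source)
                    and _covers(earlier.destination, later.destination)
                    and _covers(earlier.service, later.service)):
                found.append((later.name, earlier.name))
                break
    return found


# Constructed sample rules: a guest deny, a VPN permit, and a broad permit into the branch LAN.
DENY_GUEST = Rule("deny-guest-to-servers", "profile:guest", "10.1.50.0/24", "any", "deny", log=True)
PERMIT_VPN = Rule("permit-vpn-to-branch", "vpn", "10.1.0.0/16", "any", "permit")
PERMIT_ALL = Rule("permit-all-internal", "any", "10.1.0.0/16", "any", "permit")

MISORDERED = [PERMIT_VPN, PERMIT_ALL, DENY_GUEST]   # broad permit sits above the guest deny
CORRECTED = [DENY_GUEST, PERMIT_VPN, PERMIT_ALL]    # specific deny moved to the top

# Constructed sample flows.
GUEST_TO_SERVER = Flow("10.1.200.7", "10.1.50.10", user_profile="guest", dport=443)
VPN_FROM_HQ = Flow("10.0.10.4", "10.1.50.10", via_vpn=True, dport=22)
EMPLOYEE_TO_INTERNET = Flow("10.1.20.5", "8.8.8.8", user_profile="employee", proto="udp", dport=53)

if __name__ == "__main__":
    for label, policy in (("misordered", MISORDERED), ("corrected", CORRECTED)):
        print(label, "guest ->", evaluate(policy, GUEST_TO_SERVER), "shadowed:", shadowed_rules(policy))
```

With the broad permit above it, the guest deny is listed but never reached, and guest traffic to the server subnet is permitted; moving the deny to the top restores the intended behaviour. Running shadowed_rules over a policy before you select SAVE FIREWALL is a cheap way to catch this class of ordering mistake.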