Cisco SA520-K9 Administration Guide - Page 111
Configuring MAC Filtering to Allow or Block Traffic, Configuring IP/MAC Binding to Prevent
UPC - 882658266744
View all Cisco SA520-K9 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 111 highlights
Firewall Configuration Configuring Firewall Rules to Control Inbound and Outbound Traffic 4 • You can allow or block traffic from specified MAC addresses. For more information, see Configuring MAC Filtering to Allow or Block Traffic, page 119 • You can associate IP addresses with MAC addresses to prevent spoofing. For more information, see Configuring IP/MAC Binding to Prevent Spoofing, page 128 STEP 1 Click Firewall > Firewall > IPv4 Rules or IPv6 Rules, or for IPv4 rules, you can use the Getting Started (Advanced) page. In the Firewall and NAT Rules section, click Configure Firewall and NAT Rules. The Firewall Rules window opens. Any existing rules appear in the List of Available Firewall Rules table. For IPv4 rules, you can view the list of available rules by zone. Choose the source and destination from the From Zone and To Zone drop-down menu and click Display Rules. STEP 2 To add a rule, click Add. Other options: Click the Edit button to edit an entry. To delete an entry, check the box and then click Delete. To change the status of a rule, check the box and then click Enable or Disable. To select all entries, check the box in the first column of the table heading. The IPv4 Firewall Rules page includes the option to move a rule up, move a rule down, or move it to a specified location in the firewall rules list. For more information, see Prioritizing Firewall Rules, page 113. If you click Add or Edit, the Firewall Rules Configuration window opens. STEP 3 In the Firewall Rule Configuration area, enter the following information: • From Zone: Chose the source of the traffic that is covered by this rule. For an inbound rule, choose INSECURE (WAN) if the traffic is coming from the Internet or choose DMZ if the traffic is coming from a server on your DMZ. • To Zone: For an inbound rule, choose SECURE (LAN) if the traffic is going to the LAN, or choose DMZ if the traffic is going to a server on your DMZ. - If the From Zone is the WAN, the To Zone can be the public DMZ or secure LAN. - If the From Zone is the LAN, then the To Zone can be the public DMZ or insecure WAN. Cisco SA500 Series Security Appliances Administration Guide 111