Cisco ISA570W Integrated Security Appliance Quick Setup Guide

© 2012 Cisco Systems, Inc. All rights reserved.
Default Firewall Settings 
By default, the firewall prevents all traffic from a lower security zone to a higher security zone, and allows 
all traffic from a higher security zone to a lower security zone. These rules are also referred to as access 
control lists or ACLs.
After you create a new zone, the default firewall rules are automatically generated to permit or block 
traffic from the new zone to another zone or vice versa. 
Table 3 shows the default access control settings 
for traffic between zones with the same or different security levels. 
Table 3. Default ACL Settings

From/To         Trusted (100)   VPN (75)   Public (50)   Guest (25)   Untrusted (0)
Trusted (100)   Deny            Permit     Permit        Permit       Permit
VPN (75)        Deny            Deny       Permit        Permit       Permit
Public (50)     Deny            Deny       Deny          Permit       Permit
Guest (25)      Deny            Deny       Deny          Deny         Permit
Untrusted (0)   Deny            Deny       Deny          Deny         Deny

The default behaviors for all predefined zones and new zones are determined by their security levels. For 
example, by default, all traffic from the LAN (trusted zone) to the WAN (untrusted zone) is permitted. All 
traffic from the WAN (untrusted zone) to the DMZ (public zone) is blocked. 
Table 4 lists the default ACL settings for the predefined zones.

Table 4. Predefined ACL Settings

From/To   LAN      Voice    VPN      SSLVPN   DMZ      GUEST    WAN
LAN       Permit   Deny     Permit   Permit   Permit   Permit   Permit
Voice     Deny     Permit   Permit   Permit   Permit   Permit   Permit
VPN       Deny     Deny     Permit   Deny     Permit   Permit   Permit
SSLVPN    Deny     Deny     Deny     Permit   Permit   Permit   Permit
DMZ       Deny     Deny     Deny     Deny     Permit   Deny     Deny
GUEST     Deny     Deny     Deny     Deny     Permit   Permit   Permit
WAN       Deny     Deny     Deny     Deny     Permit   Deny     Permit

NOTE
Predefined zones (except for the VOICE zone) cannot be deleted. Only the associated ports and 
VLANs for the predefined zones (except for the VPN and SSLVPN zones) can be edited.
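
The security-level rule described above, as an added example that is not part of the Cisco guide: it derives the default action from the levels in Table 3, lists the rules generated when a zone is created, and ranks custom rules by how far they depart from the defaults. The KIOSK zone and the custom rule list are constructed sample data, and the function names are hypothetical.

```python
# Security levels from Table 3, mapped to the zone names this page uses.
LEVELS = {"LAN": 100, "VPN": 75, "DMZ": 50, "GUEST": 25, "WAN": 0}


def default_action(src, dst, levels):
    """Default between two zones: Permit only from a higher level to a lower one."""
    return "Permit" if levels[src] > levels[dst] else "Deny"


def rules_for_new_zone(name, level, levels):
    """Default rules generated in both directions when a zone is created."""
    merged = {**levels, name: level}
    rules = []
    for other in levels:
        rules.append((name, other, default_action(name, other, merged)))
        rules.append((other, name, default_action(other, name, merged)))
    return rules


def audit(custom_rules, levels):
    """Return (src, dst, verdict, level_gap), widest upward exposure first."""
    findings = []
    for src, dst, action in custom_rules:
        default = default_action(src, dst, levels)
        if action == default:
            verdict = "matches default"
        elif action == "Permit":
            verdict = "opens path to equal or higher zone"
        else:
            verdict = "stricter than default"
        findings.append((src, dst, verdict, levels[dst] - levels[src]))
    return sorted(findings, key=lambda f: f[3], reverse=True)


# Constructed sample data: a hypothetical KIOSK zone at the Guest level (25)
# and four hypothetical administrator rules.
NEW_ZONE_RULES = rules_for_new_zone("KIOSK", 25, LEVELS)
CUSTOM = [
    ("WAN", "DMZ", "Permit"),
    ("GUEST", "LAN", "Permit"),
    ("LAN", "WAN", "Deny"),
    ("VPN", "DMZ", "Permit"),
]

if __name__ == "__main__":
    for src, dst, action in NEW_ZONE_RULES:
        print(f"{src:>5} -> {dst:<5} {action}")
    for src, dst, verdict, gap in audit(CUSTOM, LEVELS):
        print(f"{src:>5} -> {dst:<5} gap {gap:+4d}  {verdict}")
```

Rules reported with a positive gap permit traffic toward a more trusted zone than the defaults allow, so they are the ones to justify first in a rule review.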