Cisco Systems ISA550 User Manual

Firewall
Configuring Firewall Rules to Control Inbound and Outbound Traffic
Cisco ISA500 Series Integrated Security Appliances Administration Guide
Default Firewall Settings
By default, the firewall prevents all traffic from a lower security zone to a higher 
security zone (commonly known as Inbound) and allows all traffic from a higher 
security zone to a lower security zone (commonly known as Outbound). 
For example, all traffic from the LAN (trusted zone) to the WAN (untrusted zone) is 
permitted, and traffic from the WAN (untrusted zone) to the DMZ (public zone) is 
blocked. 
When you create a new zone, such as a Data zone, firewall rules are automatically 
generated to permit or block traffic between that zone and other zones, based on 
the security levels for the From and To zones. 
The following table displays the default access control settings for traffic between 
the zones in the same or different security levels. 

From/To        Trusted(100)  VPN(75)  Public(50)  Guest(25)  Untrusted(0)
Trusted(100)   Deny          Permit   Permit      Permit     Permit
VPN(75)        Deny          Deny     Permit      Permit     Permit
Public(50)     Deny          Deny     Deny        Permit     Permit
Guest(25)      Deny          Deny     Deny        Deny       Permit
Untrusted(0)   Deny          Deny     Deny        Deny       Deny

If you want to alter the default behaviors—for example, allowing some inbound 
access to your network (WAN to LAN) or blocking some outbound traffic from your 
network (LAN to WAN)—you must create firewall rules.
Use the Default Policies page to view the default firewall behaviors for all 
predefined zones and new zones. 
STEP 1  Click Firewall > Access Control > Default Policies.
STEP 2  Click the triangle to expand or contract the default access control settings for a 
specific zone. The following behaviors are defined for all predefined zones. 

From/To  LAN  VOICE  VPN     SSLVPN  DMZ     GUEST   WAN
LAN      N/A  Deny   Permit  Permit  Permit  Permit  Permit
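
As an added example (not part of the Cisco guide), the Python below derives the default action from the security levels in the table above and labels custom firewall rules by how they depart from that default, so that inbound exceptions stand out for review. The rule dictionaries, the label names and the DATA zone's level of 25 are assumptions made for illustration, not an ISA500 export format.

```python
# Added example: zone levels follow the page's table; DATA (25) is an assumption.
LEVELS = {"LAN": 100, "DMZ": 50, "DATA": 25, "WAN": 0}

# Constructed sample rules in a hypothetical dict format (not an ISA500 export).
SAMPLE_RULES = [
    {"from": "WAN", "to": "DMZ", "service": "HTTPS", "action": "Permit"},
    {"from": "WAN", "to": "LAN", "service": "ANY", "action": "Permit"},
    {"from": "LAN", "to": "WAN", "service": "SMTP", "action": "Deny"},
    {"from": "LAN", "to": "DMZ", "service": "ANY", "action": "Permit"},
    {"from": "WAN", "to": "DATA", "service": "ANY", "action": "Deny"},
]

def default_action(src, dst):
    """Default policy: Permit only from a higher level to a strictly lower one."""
    return "Permit" if LEVELS[src] > LEVELS[dst] else "Deny"

def classify(rule):
    """Describe how a custom rule relates to the default for its zone pair."""
    src, dst, action = rule["from"], rule["to"], rule["action"]
    if action == default_action(src, dst):
        return "matches-default"       # same outcome as the default policy
    if action == "Deny":
        return "outbound-restriction"  # blocks traffic the default permits
    # Remaining case: a Permit where the default is Deny.
    kind = "inbound-exception" if LEVELS[src] < LEVELS[dst] else "same-level-exception"
    return kind + "-any-service" if rule["service"] == "ANY" else kind

def audit(rules):
    """Return (label, rule) pairs with the exceptions to review listed first."""
    def priority(item):
        label = item[0]
        if label.endswith("any-service"):
            return 0
        if "exception" in label:
            return 1
        return 2 if label == "outbound-restriction" else 3
    return sorted(((classify(r), r) for r in rules), key=priority)

if __name__ == "__main__":
    for label, r in audit(SAMPLE_RULES):
        print(f"{label:30} {r['from']:>4} -> {r['to']:<4} {r['service']:<6} {r['action']}")
```
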