Cisco Systems ISA550 User Manual

Firewall
Configuring Firewall Rules to Control Inbound and Outbound Traffic
Cisco ISA500 Series Integrated Security Appliances Administration Guide
NOTE
ACL rules are applicable for inter-VLAN traffic, whether within a zone or 
between zones. You cannot set ACL rules for intra-VLAN traffic, such as LAN to 
LAN.
Priorities of Firewall Rules
The security appliance includes three types of firewall rules:
• Default firewall rules: The firewall rules that are defined on the security appliance for all predefined zones and new zones. The default firewall rules cannot be deleted or edited.
• Custom firewall rules: The firewall rules that are configured by the users. The security appliance supports up to 100 custom firewall rules.
• VPN firewall rules: The firewall rules that are automatically generated by the zone access control settings in your VPN configurations. The VPN firewall rules cannot be edited in the Firewall > Access Control > ACL Rules page. To edit the zone access control settings in your VPN configurations, go to the VPN pages.
All firewall rules are sorted by priority. The custom firewall rules have the highest priority. The VPN firewall rules have a higher priority than the default firewall rules, but a lower priority than the custom firewall rules.
Preliminary Tasks for Configuring Firewall Rules
Depending on the firewall settings that you want to use, you may need to 
complete the following tasks before you configure firewall rules:
To create a firewall rule that applies only to a specific zone except the 
predefined zones, first create the zone. See 
.
From \ To   LAN    VOICE   VPN      SSLVPN   DMZ      GUEST    WAN
VOICE       Deny   N/A     Permit   Permit   Permit   Permit   Permit
VPN         Deny   Deny    N/A      Deny     Permit   Permit   Permit
SSLVPN      Deny   Deny    Deny     N/A      Permit   Permit   Permit
DMZ         Deny   Deny    Deny     Deny     N/A      Permit   Permit
GUEST       Deny   Deny    Deny     Deny     Deny     N/A      Permit
WAN         Deny   Deny    Deny     Deny     Deny     Deny     N/A
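The priority order described above (custom, then VPN, then default), applied to the default rows listed on this page. This is an added example, not code from Cisco or the appliance. It assumes a simplified model in which a rule matches only on the source and destination zone, and it assumes the column order LAN, VOICE, VPN, SSLVPN, DMZ, GUEST, WAN, read off from the position of N/A in each row. The function names and sample rules are constructed for illustration.

```python
# Simplified model (assumption): a rule is (from_zone, to_zone, action).
# Column order is an assumption inferred from where N/A falls in each row.
ZONES = ["LAN", "VOICE", "VPN", "SSLVPN", "DMZ", "GUEST", "WAN"]

# Default rows exactly as listed on this page (no LAN row appears here).
DEFAULT_ROWS = {
    "VOICE":  ["Deny", "N/A", "Permit", "Permit", "Permit", "Permit", "Permit"],
    "VPN":    ["Deny", "Deny", "N/A", "Deny", "Permit", "Permit", "Permit"],
    "SSLVPN": ["Deny", "Deny", "Deny", "N/A", "Permit", "Permit", "Permit"],
    "DMZ":    ["Deny", "Deny", "Deny", "Deny", "N/A", "Permit", "Permit"],
    "GUEST":  ["Deny", "Deny", "Deny", "Deny", "Deny", "N/A", "Permit"],
    "WAN":    ["Deny", "Deny", "Deny", "Deny", "Deny", "Deny", "N/A"],
}
MAX_CUSTOM_RULES = 100  # limit stated in the guide


def default_action(src, dst):
    """Default behaviour for traffic from zone src to zone dst."""
    return DEFAULT_ROWS[src][ZONES.index(dst)]


def effective_action(src, dst, custom=(), vpn=()):
    """Return (action, tier) for the highest-priority tier with a match."""
    if len(custom) > MAX_CUSTOM_RULES:
        raise ValueError("more than 100 custom firewall rules")
    for tier, rules in (("custom", custom), ("vpn", vpn)):
        for r_src, r_dst, action in rules:
            if (r_src, r_dst) == (src, dst):
                return action, tier
    return default_action(src, dst), "default"


def overrides_of_default_deny(custom):
    """Audit helper: custom Permit rules that win over a default Deny."""
    return [r for r in custom
            if r[2] == "Permit" and r[0] in DEFAULT_ROWS
            and default_action(r[0], r[1]) == "Deny"]


if __name__ == "__main__":
    # Constructed sample rule sets.
    custom = [("WAN", "DMZ", "Permit"), ("VOICE", "WAN", "Deny")]
    vpn = [("VPN", "LAN", "Permit"), ("WAN", "DMZ", "Deny")]
    for flow in [("WAN", "DMZ"), ("VPN", "LAN"), ("GUEST", "WAN")]:
        print(flow, effective_action(*flow, custom=custom, vpn=vpn))
    print("review:", overrides_of_default_deny(custom))
```

Because custom rules always win, the audit helper is the part worth running against an exported rule list: every entry it returns opens a path that the defaults would have blocked.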