Cisco Cisco Expressway Manual De Mantenimiento
To set up and activate new rules:
1. Go to
System > Protection > Firewall rules > Configuration
.
2. Make your changes by adding new rules, or by modifying or deleting any existing rules as required.
You can change the order of the rules by using the up/down arrows
and
to swap the priorities of
adjacent rules.
l
New or modified rules are shown as Pending (in the State column).
l
Deleted rules are shown as Pending delete.
3. When you have finished configuring the new set of firewall rules, click Activate firewall rules.
4. Confirm that you want to activate the new rules. This will replace the existing set of active rules with the
set you have just configured.
After confirming that you want to activate the new rules, they are validated and any errors reported.
After confirming that you want to activate the new rules, they are validated and any errors reported.
5. If there are no errors, the new rules are temporarily activated and you are taken to the
Firewall rules
confirmation
page.
You now have 15 seconds to confirm that you want to keep the new rules:
l
Click Accept changes to permanently apply the rules.
l
If the 15 seconds time limit expires or you click Rollback changes, the previous rules are reinstated
and you are taken back to the configuration page.
and you are taken back to the configuration page.
The automatic rollback mechanism provided by the 15 seconds time limit ensures that the client system
that activated the changes is still able to access the system after the new rules have been applied. If the
client system is unable to confirm the changes (because it can no longer access the web interface) then
the rollback will ensure that its ability to access the system is reinstated.
that activated the changes is still able to access the system after the new rules have been applied. If the
client system is unable to confirm the changes (because it can no longer access the web interface) then
the rollback will ensure that its ability to access the system is reinstated.
When configuring firewall rules, you also have the option to Revert all changes. This discards all pending
changes and resets the working copy of the rules to match the current active rules.
changes and resets the working copy of the rules to match the current active rules.
Rule settings
The configurable options for each rule are:
Field
Description
Usage tips
Priority
The order in which the
firewall rules are applied.
firewall rules are applied.
The rules with the highest priority (1, then 2, then 3 and so on) are
applied first.
applied first.
Firewall rules must have unique priorities. Rule activation will fail if
there are multiple rules with the same priority.
there are multiple rules with the same priority.
Interface
The LAN interface on which
you want to control access.
you want to control access.
This only applies if the Advanced Networking option key is installed.
IP address
and Prefix
length
and Prefix
length
These two fields together
determine the range of IP
addresses to which the rule
applies.
determine the range of IP
addresses to which the rule
applies.
The Address range field shows the range of IP addresses to which
the rule applies, based on the combination of the IP address and
Prefix length.
the rule applies, based on the combination of the IP address and
Prefix length.
The prefix length range is 0-32 for an IPv4 address, and 0-128 for an
IPv6 address.
IPv6 address.
Service
Choose the service to which
the rule applies, or choose
Custom to specify your own
transport type and port
ranges.
the rule applies, or choose
Custom to specify your own
transport type and port
ranges.
Note that if the destination port of a service is subsequently
reconfigured on the Expressway, for example from 80 to 8080, any
firewall rules containing the old port number will not be automatically
updated.
reconfigured on the Expressway, for example from 80 to 8080, any
firewall rules containing the old port number will not be automatically
updated.
Transport
The transport protocol to
which the rule applies.
which the rule applies.
Only applies if specifying a Custom service.
Cisco Expressway Administrator Guide (X8.5.1)
Page 29 of 399
Network and system settings
Intrusion protection