Cirkuit Planet MH-2001 User Manual

MH-2001 Multi-Homing Security Gateway User’s Manual 
Chapter 7: Policy 
This section provides the Administrator with facilities to set control policies for packets with different source 
IP addresses, source ports, destination IP addresses, and destination ports. Control policies decide whether 
packets from different network objects, network services, and applications are able to pass through the MH-2001. 
 
What is Policy? 
The device uses policies to filter packets. The policy settings are: source address, destination address, 
services, permission, packet log, packet statistics, and flow alarm. Based on its source addresses, a packet 
can be categorized into: 
 
(1)  Outgoing: The source IP is in the LAN network; the destination is in the WAN network. The system 
manager can set all the policy rules for Outgoing packets in this function. 
(2)  Incoming: The source IP is in the WAN network; the destination is in the LAN network (for example, 
Mapped IP, Virtual Server). The system manager can set all the policy rules for Incoming packets in 
this function. 
(3)  WAN to DMZ: The source IP is in the WAN network; the destination is in the DMZ network (for example, 
Mapped IP, Virtual Server). The system manager can set all the policy rules for WAN to DMZ packets 
in this function. 
(4)  LAN to DMZ: The source IP is in the LAN network; the destination is in the DMZ network. The system 
manager can set all the policy rules for LAN to DMZ packets in this function. 
(5)  DMZ to LAN: The source IP is in the DMZ network; the destination is in the LAN network. The system 
manager can set all the policy rules for DMZ to LAN packets in this function. 
(6)  DMZ to WAN: The source IP is in the DMZ network; the destination is in the WAN network. The system 
manager can set all the policy rules for DMZ to WAN packets in this function. 
All packets that go through the MH-2001 must pass the policy permission (except VPN). Therefore, the 
LAN, WAN, and DMZ networks must have the applicable policy set when a network connection is established. 
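The six categories above can be used to audit an exported rule list offline. The following is an added example, not code from the manual or from the device: the zone subnets, the rule format, and the function names are assumptions, and Mapped IP / Virtual Server destinations are assumed to be already resolved to the internal address they point at.

```python
import ipaddress

# Assumed zone subnets, constructed for this example (not from the manual).
ZONES = {
    "LAN": ipaddress.ip_network("192.168.1.0/24"),
    "DMZ": ipaddress.ip_network("172.16.10.0/24"),
}

# The six policy categories from the manual, keyed by (source zone, destination zone).
CATEGORIES = {
    ("LAN", "WAN"): "Outgoing",
    ("WAN", "LAN"): "Incoming",
    ("WAN", "DMZ"): "WAN to DMZ",
    ("LAN", "DMZ"): "LAN to DMZ",
    ("DMZ", "LAN"): "DMZ to LAN",
    ("DMZ", "WAN"): "DMZ to WAN",
}

def zone_of(address):
    """Map a host or CIDR to LAN, DMZ or WAN; None if it straddles a zone boundary."""
    net = ipaddress.ip_network(address, strict=False)
    for name, zone in ZONES.items():
        if net.subnet_of(zone):
            return name
        if net.overlaps(zone):
            return None  # e.g. 0.0.0.0/0 covers more than one zone
    return "WAN"  # assumption: everything outside LAN and DMZ is WAN

def category(src, dst):
    """Return the policy category for a flow, or None if no category applies."""
    return CATEGORIES.get((zone_of(src), zone_of(dst)))

def misfiled(rules):
    """Return the ids of rules whose addresses do not match the menu they sit under."""
    return [r["id"] for r in rules if category(r["src"], r["dst"]) != r["menu"]]

# Constructed rule export (hypothetical format).
RULES = [
    {"id": 1, "menu": "Outgoing", "src": "192.168.1.0/24", "dst": "203.0.113.10"},
    {"id": 2, "menu": "Incoming", "src": "198.51.100.7", "dst": "172.16.10.5"},
    {"id": 3, "menu": "DMZ to LAN", "src": "172.16.10.5", "dst": "192.168.1.20"},
    {"id": 4, "menu": "LAN to DMZ", "src": "192.168.0.0/16", "dst": "172.16.10.5"},
]

if __name__ == "__main__":
    for r in RULES:
        print(r["id"], r["menu"], "->", category(r["src"], r["dst"]))
    print("misfiled:", misfiled(RULES))
```

Rule 2 is flagged because its destination is in the DMZ rather than the LAN, and rule 4 because its source object is wider than the LAN subnet and therefore cannot be placed in a single zone.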
 
How do I use Policy? 
The policy settings are source addresses, destination addresses, services, permission, log, statistics, and 
flow alarm. Among them, source addresses, destination addresses and IP mapping addresses have to be 
defined in the Address menu in advance. Services can be used directly in setting up policies, if they are in 
the Pre-defined Service menu. Custom services need to be defined in the Custom menu before they can be 
used in the policy settings.   
If the destination address of an incoming policy is a Mapped IP address or a Virtual Server address, then the 
address has to be defined in the Virtual Server section instead of the Address section. 
Define the required fields of Policy 
 
 
 
 