Chapter 19 Virtual Domains : Virtual Domains in Transparent mode : Example of VDOMs in Transparent mode : Configuring the Company_B VDOM : Configuring Company_B security policies
  
Configuring Company_B security policies
Security policies allow packets to travel between the internal and external VLAN_200 interfaces subject to the restrictions of the protection profile.
To configure Company_B security policies - web-based manager
1. Go to Policy > Policy.
2. Select Create New.
3. Enter the following information and select OK:
   Source Interface/Zone       VLAN_200_int
   Source Address              all
   Destination Interface/Zone  VLAN_200_ext
   Destination Address         all
   Schedule                    BusinessDay
   Service                     games-chat
   Action                      DENY
This policy prevents the use of network games or chat programs (except NetMeeting) during business hours.
4. Enter the following information and select OK:
   Source Interface/Zone       VLAN_200_int
   Source Address              all
   Destination Interface/Zone  VLAN_200_ext
   Destination Address         all
   Schedule                    Lunch
   Service                     HTTP
   Action                      ACCEPT
   Protection Profile          Relaxed
This policy relaxes the web category filtering during lunch hour.
5. Select Create New.
6. Enter the following information and select OK:
   Source Interface/Zone       VLAN_200_int
   Source Address              all
   Destination Interface/Zone  VLAN_200_ext
   Destination Address         all
   Schedule                    BusinessDay
   Service                     HTTP
   Action                      ACCEPT
   Protection Profile          BusinessOnly
This policy applies strict web category filtering during business hours.
7. Select Create New.
8. Enter the following information and select OK:
   Source Interface/Zone       VLAN_200_int
   Source Address              all
   Destination Interface/Zone  VLAN_200_ext
   Destination Address         all
   Schedule                    always
   Service                     ANY
   Action                      ACCEPT
   Protection Profile          Relaxed
Because it is last in the list, this policy applies only to the times and services not matched by the preceding policies. This means that outside of regular business hours the Relaxed protection profile applies to email and web browsing, and online chat and games are permitted. Company B needs this policy because its employees sometimes work overtime. The other companies in this example keep fixed hours and do not want any after-hours Internet access.
To configure Company_B security policies - CLI
config firewall policy
    # Policy 1: block games and chat during business hours
    edit 1
        set srcintf VLAN_200_int
        set srcaddr all
        set dstintf VLAN_200_ext
        set dstaddr all
        set schedule BusinessDay
        set service Games
        set action deny
    next
    # Policy 2: relaxed web filtering over lunch
    edit 2
        set srcintf VLAN_200_int
        set srcaddr all
        set dstintf VLAN_200_ext
        set dstaddr all
        set action accept
        set schedule Lunch
        set service HTTP
        set profile_status enable
        set profile Relaxed
    next
    # Policy 3: strict web filtering during business hours
    edit 3
        set srcintf VLAN_200_int
        set srcaddr all
        set dstintf VLAN_200_ext
        set dstaddr all
        set action accept
        set schedule BusinessDay
        set service HTTP
        set profile_status enable
        set profile BusinessOnly
    next
    # Policy 4: catch-all for after-hours traffic; must stay last in the list
    edit 4
        set srcintf VLAN_200_int
        set srcaddr all
        set dstintf VLAN_200_ext
        set dstaddr all
        set action accept
        set schedule always
        set service ANY
        set profile_status enable
        set profile Relaxed
    next
end
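The ordering argument above (the games/chat deny must precede the catch-all, and the Lunch policy must precede the BusinessDay policy) is easiest to check by simulating first-match evaluation. The following Python model is an added example, not part of the FortiGate documentation or FortiOS itself. The BusinessDay and Lunch schedule hours and the members of the games-chat service group are assumptions constructed for the example, since the page defines neither.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Optional, Tuple

# Assumed schedule definitions (constructed for this example). The real
# BusinessDay and Lunch schedules are defined elsewhere in the chapter;
# here BusinessDay is Mon-Fri 09:00-17:00 and Lunch is Mon-Fri 12:00-13:00.
SCHEDULES = {
    "BusinessDay": lambda t: t.weekday() < 5 and 9 <= t.hour < 17,
    "Lunch": lambda t: t.weekday() < 5 and 12 <= t.hour < 13,
    "always": lambda t: True,
}

# Assumed service-group membership (constructed); None means "matches any service".
SERVICES = {
    "games-chat": {"IRC", "AIM", "Quake"},  # hypothetical members of the group
    "HTTP": {"HTTP"},
    "ANY": None,
}


@dataclass
class Policy:
    policy_id: int
    srcintf: str
    dstintf: str
    schedule: str
    service: str
    action: str
    profile: Optional[str] = None

    def matches(self, srcintf: str, dstintf: str, service: str, when: datetime) -> bool:
        """A policy matches only if interface pair, schedule and service all match."""
        if (srcintf, dstintf) != (self.srcintf, self.dstintf):
            return False
        if not SCHEDULES[self.schedule](when):
            return False
        members = SERVICES[self.service]
        return members is None or service in members


# The four Company_B policies from the page, in list order.
COMPANY_B = [
    Policy(1, "VLAN_200_int", "VLAN_200_ext", "BusinessDay", "games-chat", "deny"),
    Policy(2, "VLAN_200_int", "VLAN_200_ext", "Lunch", "HTTP", "accept", "Relaxed"),
    Policy(3, "VLAN_200_int", "VLAN_200_ext", "BusinessDay", "HTTP", "accept", "BusinessOnly"),
    Policy(4, "VLAN_200_int", "VLAN_200_ext", "always", "ANY", "accept", "Relaxed"),
]


def lookup(policies, srcintf: str, dstintf: str, service: str,
           when: datetime) -> Tuple[Optional[int], str, Optional[str]]:
    """First-match evaluation: the first policy in list order whose interface
    pair, schedule and service all match decides the verdict. Traffic that
    matches nothing hits the implicit deny at the end of the list."""
    for p in policies:
        if p.matches(srcintf, dstintf, service, when):
            return p.policy_id, p.action, p.profile
    return None, "implicit-deny", None


def verdict(service: str, when_iso: str, srcintf: str = "VLAN_200_int",
            dstintf: str = "VLAN_200_ext", policies=COMPANY_B):
    """Evaluate a policy list for one service at an ISO-8601 timestamp."""
    return lookup(policies, srcintf, dstintf, service, datetime.fromisoformat(when_iso))


if __name__ == "__main__":
    # 2024-01-16 is a Tuesday, 2024-01-20 a Saturday (constructed sample times).
    samples = [("HTTP", "2024-01-16T10:00"), ("HTTP", "2024-01-16T12:30"),
               ("IRC", "2024-01-16T12:30"), ("IRC", "2024-01-16T19:00"),
               ("HTTP", "2024-01-20T10:00")]
    for service, when in samples:
        print(f"{service:5} at {when}: {verdict(service, when)}")
```

Evaluating the reversed list (policy 4 first) shows why position matters: every packet then matches the always/ANY policy and the games/chat deny never fires, so a policy list should be verified as a whole after any reordering, not one policy at a time.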