Schedules, address groups, and services groups
This section lists the lists that need to be configured before security policies are created. Creating these lists is straight forward, so the essential information has been provided here but not step by step instructions. For more information on firewall related details, see
Schedules
Only one schedule needs to be configured — business_hours. This is a fairly standard Monday to Friday 8am to 5pm schedule, or whatever days and hours covers standard work hours at the company.
Address groups
The following address groups need to be configured before the security policies.
Table 30:
Address group Name | Interface | Address range included |
internal_network | internal | 10.11.102.110 to 10.11.102.250 |
company_servers | dmz | 10.11.101.110 to 10.11.101.250 |
Service groups
The following service groups need to be configured before the security policies. Note that the services listed are suggestions and may include more or less as required.
Table 31:
Service group Name | Interface | Description of services to be included |
essential_network_services | internal | Any network protocols required for normal network operation such as DNS, NTP, BGP. |
essential_server_services | dmz | All the protocols required by the company servers such as BGP, HTTP, HTTPS, FTP, IMAP, POP3, SMTP, IKE, SQL, MYSQL, NTP, TRACEROUTE, SOCKs, and SNMP. |
user_services | internal | Any protocols required by users HTTP, HTTP, FTP, |
The following security policy configurations are basic and only include logging, and default AV and IPS.