Seq. No. | From -> To | Type | Schedule | Description |
1 | internal -> wan1 | RADIUS SSO | business hours | Authenticate outgoing user traffic. |
2 | internal -> wan1 | regular | always | Allow essential network services and VoIP. |
3 | dmz -> wan1 | regular | always | Allow servers to access Internet. |
4 | internal -> dmz | regular | always | Allow users to access servers. |
5 | any -> any | deny | always | Implicit policy denying all traffic that hasn’t been matched |
The RADIUS SSO policy must be placed at the top of the policy list so it is matched first. The only exception to this is if you have a policy to deny access to a list of banned users. In this case, that policy must go at the top so the RADIUS SSO does not mistakenly match a banned user or IP address. |