Chapter 12 policy – SMC Networks SMCBR21VPN User Manual

169

Chapter 12 Policy

Policy

Every packet has to be detected if it corresponds with Policy or not when it

passes the SMC BR21VPN. When the conditions correspond with certain policy,

it will pass the SMC BR21VPN by the setting of Policy without being detected by

other policy. But if the packet cannot correspond with any Policy, the packet will

be intercepted.

The parameter of the policy includes Source Address, Destination Address,

Service, Action, WAN Port, Traffic Log, Statistics, Content Blocking, Anti-Virus,

Authentication User, Schedule, Alarm Threshold, Trunk, Max. Concurrent

Sessions, and QoS. Control policies decide whether packets from different

network objects, network services, and applications are able to pass through the

SMC BR21VPN.

How to use Policy?

The device uses policies to filter packets. The policy settings are: source

address, destination address, services, permission, packet log, packet statistics,

and flow alarm. Based on its source addresses, a packet can be categorized

into:

(1) Outgoing: The source IP is in LAN network; the destination is in WAN

network. The system manager can set all the policy rules of Outgoing

packets in this function

(2) Incoming: The source IP is in WAN network; the destination is in LAN

network. (For example: Mapped IP, Virtual Server) The system manager

can set all the policy rules of Incoming packets in this function

(3) WAN to DMZ: The source IP is in WAN network; the destination is in

DMZ network. (For example: Mapped IP, Virtual Server) The system

manager can set all the policy rules of WAN to DMZ packets in this

function