Chapter 15 policy – AirLive RS-3000 User Manual
Page 128
C
C
C
h
h
h
a
a
a
p
p
p
t
t
t
e
e
e
r
r
r
1
1
1
5
5
5
P
P
P
o
o
o
l
l
l
i
i
i
c
c
c
y
y
y
Every packet has to be detected if it corresponds with Policy or not when it passes the RS-3000. When
the conditions correspond with certain policy, it will pass the RS-3000 by the setting of Policy without
being detected by other policy. But if the packet cannot correspond with any Policy, the packet will be
intercepted.
The parameter of the policy includes Source Address, Destination Address, Service, Schedule,
Authentication User, Tunnel, Action-WAN Port, Traffic Log, Statistics, Content Blocking, IM/P2P
Blocking, QoS, MAX. Bandwidth Per Source IP, MAX. Concurrent Sessions Per IP and MAX.
Concurrent Sessions. Control policies decide whether packets from different network objects, network
services, and applications are able to pass through the RS-3000.
How to use Policy?
The device uses policies to filter packets. The policy settings are: source address, destination address,
services, permission, packet log, packet statistics, and flow control. Based on its source addresses, a
packet can be categorized into:
(1) Outgoing: The source IP is in LAN network; the destination is in WAN network. The system
manager can set all the policy rules of Outgoing packets in this function
(2) Incoming: The source IP is in WAN network; the destination is in LAN network. (For example:
Mapped IP, Virtual Server) The system manager can set all the policy rules of Incoming
packets in this function
(3) WAN to DMZ: The source IP is in WAN network; the destination is in DMZ network. (For
example: Mapped IP, Virtual Server) The system manager can set all the policy rules of WAN
to DMZ packets in this function
(4) LAN to DMZ: The source IP is in LAN network; the destination is in DMZ network. The system
manager can set all the policy rules of LAN to DMZ packets in this function
(5) DMZ to LAN: The source IP is in DMZ network; the destination is in LAN network. The system
manager can set all the policy rules of DMZ to LAN packets in this function
(6) DMZ to WAN: The source IP is in DMZ network; the destination is in WAN network. The
system manager can set all the policy rules of DMZ to WAN packets in this function
All the packets that go through RS-3000 must pass the policy permission. Therefore, the LAN,
WAN, and DMZ network have to set the applicable policy when establish network connection.
126