Amer Networks E5Web GUI User Manual

Page 205

Creating IP Policies

An IP policy has the following basic properties:

Allow or Deny Action

An IP policy either allows a particular type of traffic or it denies it. The action Deny is
equivalent to the action Drop in IP rules.

Source/Destination Interface/Network Filter

This filter identifies the traffic of interest in the same way that an IP rule filter does.

Service

This identifies the type of protocol for the policy. When using an IP policy with certain
options, only services that have the Protocol property set can be used. These are listed below.

Policy Options

The traffic identified by the filter is subject to one or more of the possible options. These are:

i. Logging - This is enabled or disabled.

ii. Anti-Virus - An Anti-Virus policy can be selected. This requires a Service object with the
Protocol property set.

iii. Web Content Filtering - A WCF policy can be selected. This requires a Service object with
the Protocol property set.

iv. Application Control - An Application Control policy can be selected. Any Service object
can be used with this option.

v. URL Filter - When the service includes the protocols HTTP and/or HTTPS, this can be
selected to whitelist or blacklist URLs. This requires a Service object with the Protocol
property set.

vi. File Control - This can block or allow specific filetypes. It is only applicable to the HTTP,
SMTP, POP3 and FTP protocols. This requires a Service object with the Protocol property
set.

vii. Advanced Actions - It is possible to specify the Reject action for denied connections (no
acknowledgement is sent to the source host).

Some Policy Options Require a Service with a Protocol Set

As mentioned above, certain IP policy options can be used only if the service used has the
Protocol property set. Certain predefined services already have a Protocol set. Any newly created,
custom services must have the protocol set if they are to be used with those options.

For example, if Dynamic Web Content Filtering is to be enabled with an IP Policy object then the
predefined service called http-outbound should be used and this has the Protocol set to HTTP. The
more general service object called http-all could not be used since the protocol is not set
(although it could be set).

Application control is the one option which does not require a special Service object.
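
The Protocol requirement described above can be checked before policies are deployed. The following is an added example, not taken from the manual or from the product: the dictionary layout, the option keys, the custom-smtp service and the policy names are assumptions made for illustration, while http-outbound and http-all are the services named in the text.

```python
# Added example. The dict layout below is an assumed representation of
# policies and services, not the device's own configuration format.

# Options the manual says need a Service object with the Protocol property set.
NEEDS_PROTOCOL = {"anti_virus", "web_content_filtering", "url_filter", "file_control"}

# Extra protocol limits the manual states for individual options.
ALLOWED_PROTOCOLS = {
    "url_filter": {"HTTP", "HTTPS"},
    "file_control": {"HTTP", "SMTP", "POP3", "FTP"},
}

def lint_policy(policy, services):
    """Return findings for one IP policy; an empty list means it is consistent."""
    name, svc_name = policy["name"], policy["service"]
    if svc_name not in services:
        return [f"{name}: unknown service {svc_name}"]
    protocol = services[svc_name].get("protocol")  # None = Protocol not set
    findings = []
    for option in policy.get("options", []):
        if option not in NEEDS_PROTOCOL:
            continue  # logging and application_control accept any service
        if protocol is None:
            findings.append(f"{name}: {option} requires Protocol set on {svc_name}")
        elif protocol not in ALLOWED_PROTOCOLS.get(option, {protocol}):
            findings.append(f"{name}: {option} does not apply to {protocol}")
    return findings

# Constructed sample data. http-outbound and http-all are the services named in
# the manual; custom-smtp and all policy names are hypothetical.
SERVICES = {
    "http-outbound": {"protocol": "HTTP"},
    "http-all": {"protocol": None},
    "custom-smtp": {"protocol": "SMTP"},
}
POLICIES = [
    {"name": "lan-web", "action": "Allow", "service": "http-outbound",
     "options": ["logging", "web_content_filtering", "url_filter"]},
    {"name": "lan-web-any", "action": "Allow", "service": "http-all",
     "options": ["application_control", "web_content_filtering"]},
    {"name": "mail-out", "action": "Allow", "service": "custom-smtp",
     "options": ["file_control", "url_filter"]},
]

def lint_all(policies=POLICIES, services=SERVICES):
    return [f for p in policies for f in lint_policy(p, services)]

if __name__ == "__main__":
    print("\n".join(lint_all()) or "no findings")
```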

Chapter 3: Fundamentals