Setting up a policy to allow connections to a dmz, Setting up a sat policy to an internal web server – Amer Networks E5Web GUI User Manual

Page 206

Viewing IP Rules Created by IP Policies

As mentioned previously, IP policies create IP rules in the background. These IP rules cannot be
viewed through the Web Interface. However, they can be seen in the output from the CLI
command:

Device:/> rules

Example 3.24. Setting up a Policy to Allow Connections to a DMZ

In this simple example, new HTTP connections will be allowed from the internal lan_net network
on the lan interface to the network dmz_net on the dmz interface.

Command-Line Interface

Device:/> add IPPolicy

Name=lan_to_dmz
SourceInterface=lan
SourceNetwork=lan_net
DestinationInterface=dmz
DestinationNetwork=dmz_net
Service=http-all
Action=Allow

InControl

Follow the same steps used for the Web Interface below.

Web Interface

Go to: Policies > Firewalling > Add > IP Policy

Now enter:

•

Name: lan_to_dmz

•

Action: Allow

•

Source Interface: lan

•

Source Network: lan_net

•

Destination Interface: dmz

•

Destination Network: dmz_net

•

Service: http-all

Select OK

Example 3.25. Setting up a SAT Policy to an Internal Web Server

In this example, a SAT policy will be set up to allow external public Internet traffic to access an
internal web server with an IP of server_ip.

Chapter 3: Fundamentals

206

This manual is related to the following products:

E7Web GUI W3 W5 Web GUI X8 Web GUI