
Chapter 6: policy – PLANET CS-2000 User Manual


CS-2000 UTM Content Security Gateway User’s Manual


Chapter 6: Policy


The CS-2000 inspects every packet that passes through the device and evaluates whether the packet fits the policy. When a packet qualifies under the policy, the CS-2000 allows it to go through. In other words, if a packet does not fit the policy, it is blocked.

The policy parameters include the source address, destination address, service, schedule, authentication user, VPN trunk, action, WAN port, traffic log, statistics, IDP, content blocking, anti-virus, QoS, MAX. concurrent sessions, quota per session and quota per day. The MIS engineer can use these parameters to control outgoing and incoming services in data transmission through policy management.

How to use the Policy?

The CS-2000 divides Policy into 6 functions, depending on the source address of the data packets. The MIS engineer can easily set policies on the source IP, source port, destination IP and destination port of the data packets.

1. Outgoing: The source IP is in the LAN and the destination IP is in the WAN. The MIS engineer can set the Outgoing policy, including the network packets and services.

2. Incoming: The source IP is in the WAN and the destination IP is in the LAN (for example, mapped IP and virtual server). The MIS engineer can set the Incoming policy, including the network packets and services.

3. WAN To DMZ: The source IP is in the WAN and the destination IP is in the DMZ (for example, mapped IP and virtual server). The MIS engineer can set the WAN To DMZ policy, including the network packets and services.

4. LAN To DMZ: The source IP is in the LAN and the destination IP is in the DMZ. The MIS engineer can set the LAN To DMZ policy, including the network packets and services.

5. DMZ To LAN: The source IP is in the DMZ and the destination IP is in the LAN. The MIS engineer can set the DMZ To LAN policy, including the network packets and services.

6. DMZ To WAN: The source IP is in the DMZ and the destination IP is in the WAN. The MIS engineer can set the DMZ To WAN policy, including the network packets and services.

All packets need to be permitted by a policy in the CS-2000. The MIS engineer has to set suitable policies in the CS-2000 in order to make the LAN, WAN and DMZ connections work.
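The following added example (not taken from the manual and not PLANET's implementation) models the six policy functions and the block-unless-permitted behaviour described above. The zone subnets, the sample rules, first-match rule ordering and the treatment of every non-LAN, non-DMZ address as WAN are assumptions, and NAT for mapped IP and virtual server is ignored.

```python
import ipaddress
from dataclasses import dataclass

# Constructed zone addressing (assumption; substitute the deployment's own subnets).
ZONES = {
    "LAN": ipaddress.ip_network("192.168.1.0/24"),
    "DMZ": ipaddress.ip_network("172.16.1.0/24"),
}

# The six policy functions from the manual, keyed by (source zone, destination zone).
POLICY_TYPES = {
    ("LAN", "WAN"): "Outgoing",   ("WAN", "LAN"): "Incoming",
    ("WAN", "DMZ"): "WAN To DMZ", ("LAN", "DMZ"): "LAN To DMZ",
    ("DMZ", "LAN"): "DMZ To LAN", ("DMZ", "WAN"): "DMZ To WAN",
}

@dataclass
class Rule:
    policy_type: str
    src: str      # source network in CIDR form
    dst: str      # destination network in CIDR form
    proto: str
    port: int     # destination port (stands in for the "service" parameter)
    action: str   # "permit" or "deny"

def zone_of(ip):
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "WAN"  # assumption: anything outside LAN and DMZ is WAN

def policy_type(src_ip, dst_ip):
    # Returns None for same-zone traffic, which none of the six functions covers.
    return POLICY_TYPES.get((zone_of(src_ip), zone_of(dst_ip)))

def evaluate(rules, src_ip, dst_ip, proto, port):
    ptype = policy_type(src_ip, dst_ip)
    for r in rules:  # first matching rule wins (assumption)
        if (r.policy_type == ptype and r.proto == proto and r.port == port
                and ipaddress.ip_address(src_ip) in ipaddress.ip_network(r.src)
                and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(r.dst)):
            return ptype, r.action
    return ptype, "deny"  # no policy permits the packet, so it is blocked

# Constructed sample rule set.
RULES = [
    Rule("Outgoing", "192.168.1.0/24", "0.0.0.0/0", "tcp", 443, "permit"),
    Rule("WAN To DMZ", "0.0.0.0/0", "172.16.1.10/32", "tcp", 80, "permit"),
]
```

With this rule set, a DMZ host opening a connection into the LAN is classified as DMZ To LAN and blocked, because no policy of that type exists.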