Chapter 24 policy – PLANET CS-2001 User Manual

Chapter 24 Policy

CS-2001 inspects each packet passing through the device to see if it meets the criteria of any policy. Every packet is processed according to the designated policy; consequently, any packet that does not meet the criteria is not permitted to pass.

The items of a policy include Source Address, Destination Address, Service, Schedule, Authentication, VPN Trunk, Action, Log, Statistics, Web Filter, Application Blocking, IDP, Anti-Virus, Anti-Spam, Mail Archive/Audit, QoS, MAX. Bandwidth Per Source IP, MAX. Concurrent Sessions Per IP, MAX. Concurrent Sessions, Quota Per Session, Quota Per Source IP, Quota Per Day, Forwarding Mode, etc. By configuring these items, the IT administrator can determine which outgoing and incoming services or applications have their data packets blocked or processed.

The IT administrator can customize the policy based on the source address, source port, destination address and destination port of a packet. According to the attributes of a packet, policy settings are categorized into:

Outgoing: The packet is from the LAN and heading to the WAN. The IT administrator can customize the policy for outgoing packets.

Incoming: The packet is from the WAN and heading to the LAN (e.g., when using IP mapping or virtual server). IT administrators can customize the policy for incoming packets.

WAN to DMZ: The packet is from the WAN and heading to the DMZ (e.g., when using IP mapping or virtual server). IT administrators can customize the policy for WAN-to-DMZ packets.

LAN to DMZ: The packet is from the LAN and heading to the DMZ. IT administrators can customize the policy for LAN-to-DMZ packets.

DMZ to WAN: The packet is from the DMZ and heading to the WAN. IT administrators can customize the policy for DMZ-to-WAN packets.
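
The matching described above, modelled in Python as an added example (not PLANET's code or the CS-2001's configuration syntax): a packet is categorized by its source and destination zone, checked against a policy list, and dropped when no policy matches. The subnets, the rule set and the first-match-wins ordering are assumptions; only Source Address, Destination Address, Service and Action are modelled.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed zone layout (assumption): LAN and DMZ subnets; everything else is WAN.
ZONES = {"LAN": ip_network("192.168.1.0/24"), "DMZ": ip_network("192.168.2.0/24")}

# The five categories listed on this page, keyed by (source zone, destination zone).
CATEGORIES = {
    ("LAN", "WAN"): "Outgoing",
    ("WAN", "LAN"): "Incoming",
    ("WAN", "DMZ"): "WAN to DMZ",
    ("LAN", "DMZ"): "LAN to DMZ",
    ("DMZ", "WAN"): "DMZ to WAN",
}

@dataclass(frozen=True)
class Policy:
    category: str
    source: str        # Source Address as CIDR
    destination: str   # Destination Address as CIDR
    service: tuple     # (protocol, destination port); port None means any
    action: str        # "permit" or "deny"

def zone_of(addr):
    ip = ip_address(addr)
    return next((name for name, net in ZONES.items() if ip in net), "WAN")

def categorize(src, dst):
    return CATEGORIES.get((zone_of(src), zone_of(dst)))  # None if not listed here

def evaluate(policies, src, dst, proto, dport):
    """Return (action, index of the matching policy or None)."""
    category = categorize(src, dst)
    for i, p in enumerate(policies):  # top-down, first match wins (assumption)
        if (p.category == category
                and ip_address(src) in ip_network(p.source)
                and ip_address(dst) in ip_network(p.destination)
                and p.service[0] == proto
                and p.service[1] in (None, dport)):
            return p.action, i
    return "deny", None  # no policy matched: the packet is not permitted to pass

# Constructed rule set for illustration.
POLICIES = [
    Policy("Outgoing", "192.168.1.0/24", "0.0.0.0/0", ("tcp", 443), "permit"),
    Policy("WAN to DMZ", "0.0.0.0/0", "192.168.2.10/32", ("tcp", 25), "permit"),
    Policy("LAN to DMZ", "192.168.1.50/32", "192.168.2.0/24", ("tcp", 22), "permit"),
]
```

With this rule set, a WAN host reaching a LAN address is categorized as Incoming but matches no policy, so it is denied; the same holds for any zone pair outside the five categories above.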