Chapter13 policy, Chapter 13 policy – PLANET SG-1000 User Manual

Chapter 13

Policy

Every packet has to be detected if it corresponds with Policy or not when it passes the

SG-1000. When the conditions correspond with certain policy, it will pass the SG-1000

by the setting of Policy without being detected by other policy. But if the packet cannot

correspond with any Policy, the packet will be intercepted.

The parameter of the policy includes Source Address, Destination Address, Service,

Action, WAN Port, Traffic Log, Statistics, Content Blocking, Anti-Virus,

Authentication User, Schedule, Alarm Threshold, Trunk, Max. Concurrent Sessions,

and QoS. Control policies decide whether packets from different network objects,

network services, and applications are able to pass through the SG-1000.

How to use Policy?

The device uses policies to filter packets. The policy settings are: source address,

destination address, services, permission, packet log, packet statistics, and flow alarm.

Based on its source addresses, a packet can be categorized into:

(1) Outgoing: The source IP is in LAN network; the destination is in WAN

network. The system manager can set all the policy rules of Outgoing packets

in this function

(2) Incoming: The source IP is in WAN network; the destination is in LAN

network. (For example: Mapped IP, Virtual Server) The system manager can

set all the policy rules of Incoming packets in this function

(3) WAN to DMZ: The source IP is in WAN network; the destination is in DMZ

network. (For example: Mapped IP, Virtual Server) The system manager can

set all the policy rules of WAN to DMZ packets in this function