PLANET MH-2300 User Manual
Gigabit Multi-Homing VPN Security Gateway
MH-2300
Chapter 6. Policy
6.1 Policy
The MH-2300 inspects each packet passing through the device to see whether
it meets the criteria of any policy. Every packet is processed according to the
designated policy; consequently, any packet that does not meet the criteria is
not permitted to pass.
The items of a policy include Source Address, Destination Address,
Service, Schedule, Authentication, VPN Trunk, Action, Packet Log, Traffic
Grapher, Web Filter, Application Blocking, QoS, Max. Bandwidth per Source IP,
P2P Bandwidth Limits, Max. Concurrent Sessions per IP, Max. Concurrent
Sessions, Traffic Quota per Session, Quota per Source IP, Traffic Quota per
Day, IP Redirection, etc. By configuring these items, the IT administrator can
determine which outgoing and incoming services or applications have their data
packets blocked or processed.
The IT administrator can customize the policy based on the source address,
source port, destination address and destination port of a packet. According to
the attributes of a packet, policy settings are categorized into:
Outgoing: Applied to traffic that is from the LAN and heading to the WAN.
Incoming: Applied to traffic that is from the WAN and heading to the LAN
(e.g., originated from a mapped IP or virtual server).
WAN to DMZ: Applied to traffic that is from the WAN and heading to the DMZ
(e.g., originated from a mapped IP or virtual server).
LAN to DMZ: Applied to traffic that is from the LAN and heading to the DMZ.
DMZ to WAN: Applied to traffic that is from the DMZ and heading to the WAN.
DMZ to LAN: Applied to traffic that is from the DMZ and heading to the LAN.
LAN to LAN: Applied to traffic that is from the LAN and heading to the LAN.
DMZ to DMZ: Applied to traffic that is from the DMZ and heading to the DMZ.
1. The MH-2300 processes packets only when the criteria of a network policy
are met. Consequently, connections between any two networks require a policy
to be established.
2. VPN connections established by the MH-2300 can be aggregated into a
trunk and applied to a network policy in order to manage access
privileges.
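
A small model of the matching behaviour described in this section, added here as an example and not taken from the manual or the device firmware: it classifies a packet into one of the eight categories and denies anything that has no matching policy. The subnets, rule fields, PERMIT/DENY labels and first-match ordering are assumptions, and NAT (mapped IP, virtual server) is not modelled.

```python
import ipaddress

# Constructed zone addressing (assumption; the manual gives no subnets).
ZONES = {
    "LAN": ipaddress.ip_network("192.168.1.0/24"),
    "DMZ": ipaddress.ip_network("172.16.1.0/24"),
}
# The eight categories from section 6.1, keyed by (source zone, destination zone).
CATEGORIES = {
    ("LAN", "WAN"): "Outgoing",   ("WAN", "LAN"): "Incoming",
    ("WAN", "DMZ"): "WAN to DMZ", ("LAN", "DMZ"): "LAN to DMZ",
    ("DMZ", "WAN"): "DMZ to WAN", ("DMZ", "LAN"): "DMZ to LAN",
    ("LAN", "LAN"): "LAN to LAN", ("DMZ", "DMZ"): "DMZ to DMZ",
}

def zone_of(addr):
    """Map an address to LAN or DMZ; anything else is treated as WAN."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "WAN"

def category(src, dst):
    """Return the policy category, or None when none applies (e.g. WAN to WAN)."""
    return CATEGORIES.get((zone_of(src), zone_of(dst)))

def evaluate(policies, src, dst, dport):
    """Return (action, category); a packet with no matching policy is denied."""
    cat = category(src, dst)
    for p in policies:  # first match wins (assumption: ordering is not stated here)
        if (p["category"] == cat
                and ipaddress.ip_address(src) in ipaddress.ip_network(p["src"])
                and ipaddress.ip_address(dst) in ipaddress.ip_network(p["dst"])
                and dport in p["ports"]):
            return p["action"], cat
    return "DENY", cat

# Constructed rule set: LAN users may browse, the Internet may reach one DMZ host.
POLICIES = [
    {"category": "Outgoing", "src": "192.168.1.0/24", "dst": "0.0.0.0/0",
     "ports": {80, 443}, "action": "PERMIT"},
    {"category": "WAN to DMZ", "src": "0.0.0.0/0", "dst": "172.16.1.10/32",
     "ports": {443}, "action": "PERMIT"},
]

if __name__ == "__main__":
    # LAN to DMZ has no policy of its own, so the WAN to DMZ rule does not cover it.
    print(evaluate(POLICIES, "192.168.1.20", "172.16.1.10", 443))
```

The LAN host is denied access to the DMZ server even though a WAN to DMZ policy permits the same destination and port, which is the point of note 1: each pair of networks needs its own policy.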