As mentioned, firewalls are used to isolate networks of different security levels. A firewall identifies different networks by security zone. By assigning firewall interfaces to different security zones, the networks connected to the interfaces are classified into different security levels. Interfaces on the firewall must be added to security zones (except independent management interfaces on some models) to process traffic.

Security zones are designed to reduce network attack surfaces. Once security zones are defined, traffic cannot flow between security zones unless the administrator specifies valid access rules. To be specific, if a subnet is intruded, attackers can access only resources in the security zone corresponding to the subnet. Therefore, it is recommended that security zones be used for refined network partitioning.

Adding an interface to a security zone means that the network connected to the interface is added to the security zone, not the interface itself. Figure 1-2 shows the relationships between the interface, network, and security zone.

Traffic passing through a firewall, traffic sent by a firewall, and traffic received by a firewall are controlled by security policies.

Figure 1-4 Security policy composition and web UI

Matching conditions are optional in a security policy. Configured matching conditions are ANDed. That is, traffic is considered to match a security policy only when it matches all conditions in the security policy.

If multiple values are configured in a matching condition,

Matching conditions in a security policy will more accurately filter traffic. You can use only the 5-tuple (source and destination IP addresses, source and destination ports, and protocol) as matching conditions. To configure security policies more accurately, you can add more matching conditions, such as application and user identification.
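The matching rules described above, as an added Python sketch (not the vendor's implementation and not code from the original page): conditions that are not configured are skipped, configured conditions must all match, and a flow with no matching policy is denied. The policy layout, the names, the sample flows, and the top-down first-match order are assumptions, and each condition holds a single value.

```python
from ipaddress import ip_address, ip_network

# Hypothetical model: a policy is (name, action, conditions). A condition that
# is absent from the dict is "not configured" and is skipped.
def matches(conditions, flow):
    for key, want in conditions.items():
        have = flow[key]
        if key in ("src_ip", "dst_ip"):
            ok = ip_address(have) in ip_network(want)   # address within CIDR
        else:
            ok = have == want
        if not ok:
            return False      # conditions are ANDed: one miss fails the policy
    return True               # every configured condition matched

def evaluate(policies, flow):
    """Assumption: policies are checked top-down and the first match decides.
    With no match the flow is denied (no valid access rule between zones)."""
    for name, action, conditions in policies:
        if matches(conditions, flow):
            return action, name
    return "deny", "no-matching-policy"

# Zones plus part of the 5-tuple; destination address and source port are
# left unconfigured, so they are not checked.
BASIC = {"src_zone": "trust", "dst_zone": "untrust",
         "src_ip": "10.1.0.0/16", "protocol": "tcp", "dst_port": 443}
COARSE = [("web-5tuple", "permit", BASIC)]
REFINED = [("web-app-user", "permit",
            {**BASIC, "application": "https", "user": "alice"})]

# Constructed sample flows: same 5-tuple, different application on port 443.
BASE = {"src_zone": "trust", "dst_zone": "untrust", "src_ip": "10.1.2.3",
        "dst_ip": "203.0.113.10", "src_port": 51000, "protocol": "tcp",
        "dst_port": 443, "user": "alice"}
WEB = {**BASE, "application": "https"}
TUNNEL = {**BASE, "application": "unknown-tunnel"}
DMZ = {**WEB, "dst_zone": "dmz", "dst_ip": "192.0.2.20"}

if __name__ == "__main__":
    for label, flow in (("web", WEB), ("tunnel", TUNNEL), ("dmz", DMZ)):
        print(label, evaluate(COARSE, flow), evaluate(REFINED, flow))
```

The coarse policy permits both flows on TCP 443, while the refined policy permits only the one whose application and user also match; the flow toward the `dmz` zone has no policy and is denied under both.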