Configuring Policies for Custom Firewall Exceptions

You can create policies with the Policies, Services, and Subscribers CLI or the Policies, Services, and Subscribers subtasks in the C-Web interface.

To configure a policy for a custom firewall exception:

  1. Create a stateless firewall policy group and associated policy rules.
  2. Specify parameters for the following properties for each policy rule:
    • IP protocol
    • TOS byte in the IP header
    • Source IP addresses
    • Source TCP/UDP ports
    • Destination IP addresses
    • Destination TCP/UDP ports
    • TCP flags
    • IP flags (fragmentation flags)
    • Fragmentation offset
    • Packet length
    • ICMP type
    • ICMP code

For a sample policy, see policyGroupName=custom_policer, ou=entjunos_statelessfw, o=Policies, o=umc in the sample data.