
Configuring Security—Quick Configuration

You can use J-Web Quick Configuration to quickly configure security policies.

Before You Begin
  1. Establish basic connectivity. (See the Getting Started Guide for your router.)
  2. Configure security zones and interfaces. For more information, see Configuring Security Zones—Quick Configuration.
  3. Configure address books. For more information, see Configuring Addresses and Address Sets—Quick Configuration.

To configure security policies with Quick Configuration:

  1. Select Configuration > Quick Configuration > Security Policies > Policies.
  2. Select the Default Policy Action: Deny All or Permit All.
  3. Select the zone direction (from zone and to zone) as shown in the figure below. You must have preconfigured the security zones for which you want to set policies. For more information on zones, see Configuring Security Policies.

    Figure 44: Quick Configuration Policies Page for Security Policies


  4. Click Show Configured Policies. The screen displays the message “No policies have been defined for the selected zone direction.”
  5. Click Add to configure a new policy.
  6. Specify a policy name.
  7. Specify a policy action. The form changes depending on the action specified; selecting permit displays additional fields, as shown in the figure below. See Table 109 for the extended policy configuration fields.

    Figure 45: Security Policies Configuration


  8. Optionally, you can select a scheduler name that you created earlier and whose schedule you want to associate with the policy.
  9. Click one of the following buttons:

Table 109: Security Policies Configuration Options

Policy Action
    Description

Match Criteria
    Source Address—Name of the source address or address set as entered in the source zone’s address book.

    Destination Address—Name of the destination address or address set as entered in the destination zone’s address book.

    Application—Name of a preconfigured or custom application or application set.

Policy Action
    Permit—Allows the packet to pass through the firewall.

    Reject—Blocks the packet from traversing the firewall. The firewall drops the packet and sends a TCP reset (RST) segment to the source host for TCP traffic and an ICMP destination unreachable, port unreachable message (type 3, code 3) for UDP traffic.

    For TCP and UDP traffic, the firewall drops the packet and notifies the source host as action Deny.

    Deny—Blocks and drops the packet from traversing the firewall, but doesn’t send notification back to the source.

IPSec-VPN Tunnel
    Name of the IPSec-VPN tunnel.

Pair Policy
    Name of the policy with the same IPSec-VPN in the reverse direction to create a pair policy.

Source NAT
    Enable source Network Address Translation (NAT-src) and permit address and port translation on the permitted traffic.

Destination NAT
    Enable destination Network Address Translation (NAT-dst) and permit address and port translation on the permitted traffic.

Firewall Authentication
    Authenticate the client before forwarding the traffic. Two types of firewall authentication:

    Pass-through—Verifies traffic as it attempts to pass through the firewall.

    Web authentication—Verifies client authentication.

Additional Policy Actions
    Count—If count is enabled, counters are collected for the number of packets, bytes, and sessions that enter the firewall for a given policy. For counts (only for packets and bytes), you can specify that alarms be generated whenever the traffic exceeds specified thresholds.

    Log (session-init and session-close)—Logs session creation and session close events.

Scheduler
    Optionally, name a scheduler whose schedule determines when the policy is active.
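
The following is an added example, not part of the original page and not Juniper code: a small Python model of how the Table 109 match criteria, policy action and default policy action combine when one packet is checked against the policies for a zone direction. The address-book entries, application names, policy names and the first-match ordering are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed address books (zone -> entry name -> prefixes); a set lists several.
ADDRESS_BOOK = {
    "trust": {"lan-hosts": ["192.0.2.0/25"]},
    "untrust": {"web-farm": ["198.51.100.10/32", "198.51.100.11/32"],
                "any-host": ["0.0.0.0/0"]},
}
# Constructed applications: name -> (protocol, destination port).
APPLICATIONS = {"http": ("tcp", 80), "telnet": ("tcp", 23), "tftp": ("udp", 69)}

@dataclass
class Policy:
    name: str
    src: str      # entry in the source zone's address book
    dst: str      # entry in the destination zone's address book
    app: str
    action: str   # "permit", "reject" or "deny"

# Policies are defined per zone direction (from zone, to zone).
POLICIES = {("trust", "untrust"): [
    Policy("allow-web", "lan-hosts", "web-farm", "http", "permit"),
    Policy("refuse-telnet", "lan-hosts", "any-host", "telnet", "reject"),
    Policy("refuse-tftp", "lan-hosts", "any-host", "tftp", "reject"),
    Policy("drop-other-web", "lan-hosts", "any-host", "http", "deny"),
]}

def in_book(zone, entry, addr):
    """True if addr falls inside any prefix of the named address or address set."""
    return any(ip_address(addr) in ip_network(p) for p in ADDRESS_BOOK[zone][entry])

def notification(action, proto):
    """What the source host receives; Table 109 covers TCP and UDP only."""
    if action != "reject":
        return None  # permit forwards the packet, deny drops it silently
    return {"tcp": "TCP RST", "udp": "ICMP type 3 code 3"}.get(proto)

def evaluate(from_zone, to_zone, src, dst, proto, port, default="deny-all"):
    """Return (policy name, action, notification) for one packet."""
    for p in POLICIES.get((from_zone, to_zone), []):  # assumption: first match wins
        if (in_book(from_zone, p.src, src) and in_book(to_zone, p.dst, dst)
                and APPLICATIONS[p.app] == (proto, port)):
            return p.name, p.action, notification(p.action, proto)
    # No policy matched: the Default Policy Action (Deny All or Permit All) applies.
    action = "permit" if default == "permit-all" else "deny"
    return "default-policy", action, None
```

With Deny All as the default, a zone direction that has no policies defined drops everything; switching the default to Permit All forwards the same traffic without any policy having matched it.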

