Configuring Security—Quick Configuration

You can use J-Web Quick Configuration to quickly configure security policies.

Before You Begin

Establish basic connectivity. (See the Getting Started Guide for your router.)
Configure security zones and interfaces. For more information, see Configuring Security Zones—Quick Configuration
Configure address books. For more information, see Configuring Addresses and Address Sets—Quick Configuration

To configure security policies with Quick Configuration:

Select Configuration > Quick Configuration > Security Policies > Policies.
Select the Default Policy Action, Deny All or Permit All.
Select the zone direction (from zone and to zone) as shown in the figure below. You must have pre-configured the security zones for which you want to set policies. For more information on zones, see Configuring Security Policies
Figure 44: Quick Configuration Policies Page for Security Policies
Click Show Configured Policies. The screen displays the message “No policies have been defined for the selected zone direction.”
Click Add to configure a new policy.
Specify a policy name.
Specify a policy action. The form changes depending on the action specified (Selecting permit displays additional fields as shown in the figure below). See Table 109 for the extended policy configuration fields.
Figure 45: Security Policies Configuration
Optionally, you can select a scheduler name that you created earlier and whose schedule you want to associate with the policy.
Click one of the following buttons:
- To apply the configuration and stay on the Quick Configuration page, click Apply.
- To apply the configuration and return to the Quick Configuration main page, click OK.
- To cancel your entries and return to the Quick Configuration page, click Cancel.

Table 109: Security Policies Configuration Options

Policy Action	Description
Match Criteria	Source Address—Name of the source address or address set as entered in the source zone’s address book. Destination Address—Name of the destination address or address set as entered in the destination zone’s address book. Application—Name of a preconfigured or custom application or application set.
Policy Action	Permit—Allows the packet to pass through the firewall. Reject—Blocks the packet from traversing the firewall. The firewall drops the packet and sends a TCP reset (RST) segment to the source host for TCP traffic and an ICMP destination unreachable, port unreachable message (type 3, code 3) for UDP traffic. For TCP and UDP traffic, the firewall drops the packet and notifies the source host as action Deny. Deny—Blocks and drops the packet from traversing the firewall, but doesn’t send notification back to the source.
IPSec-VPN Tunne	Name of the IPSec-VPN tunnel.
Pair Policy	Name of the policy with the same IPSec-VPN in the reverse direction to create a pair policy.
Source NAT	Enable source Network Address Translation (NAT-src) and permit address and port translation on the permitted traffic.
Destination NAT	Enable destination Network Address Translation (NAT-dst) and permit address and port translation on the permitted traffic.
Firewall Authentication	Authenticate the client before forwarding the traffic. Two types of firewall authentication: Pass-through—Verifies traffic as it attempts to pass-through the firewall. Web authentication—Verifies client authentication.
Additional Policy Actions	Count—If count is enabled, counters are collected for the number of packets, bytes, and sessions that enter the firewall for a given policy. For counts (only for packets and bytes), you can specify that alarms be generated whenever the traffic exceeds specified thresholds. Log (session-init and session-close)—Logs session creation and session close events.
Scheduler	Optionally, name a scheduler whose schedule determines when the policy is active.

[Prev][Next][Report an Error]