5.1 Allow LAN access to Internet with only Web Access
- By Defult Policy : Allow all Network & Services from Internal to External ( Not Secure ) -> policy & Object
IPv4 policy -> create new -> Name : LAN Access , Incaming : client ( Internal )
Source : LAN, Descrition : 192.168.1.0/24
5.2 Allow Sys Admin access to Internet
- Usually Sys Admin need full access to Internet
- Policy&object - > Create new Policy to allow all network/ Services
- Incoming Interface - Outgoing Interface : LAN, WAN
- Source Address - Destination Address : 192.168.1.100 - Internet
- Service: ALL
5.3 Block User access to Internet
- policy&Object -> Create new Policy to block user access to Internet
- Incoming Interface -Outgoing Interface : LAN- WAN
- Source Address - Destination Address : 192.168.1.100 - Internet
- Service : All
5.4 Block User access to Website using IP-Based
- Create New policy to block user access to specific website : test.com with IP address
- Incoming Interface - Outgoing Interface : LAN - WAN
- Source Address - Destination Address : 192.168.1.100 - test.com IP address
- Service: HTTP, HTTPS,DNS
policy & object -> Name : block website
- Incoming : Internal LAN
- Outgoing : WAN 1
5.5. Block User access to Website using NGFW-based
- Create New Policy to block user access to specific website: facebook.com with NGFW
- Enable NGFW Policyp-based mode in System Setting
- Create Policy to block Facebook.com
- Incoming Interface -Outgoing Interface: :LAN -WAN
- Source Address -Destination Address : 192.168.1.100 - Internet
- Service : HTTP, HTTPS,DNS
- Application: Facebook
- Create SNAT
- Incoming to remote from public to private network to access local resources: Service & Data
- Source Address - Destination Address : 192.168.1.100 - Internet
Subscribe to:
Post Comments (Atom)
EmoticonEmoticon