...
Each 'match' command may contain the 'not' key. When the key is used, packets that do not meet the given requirement fall under the rule.
You can find more detailed information about firewall configuration in the 'CLI command reference guide'.
Firewall configuration example
...
To set the rules for traffic passing from the 'WAN' zone to the 'LAN' zone, create a couple of zones and add a rule prohibiting the application traffic flow and a rule allowing all other traffic to pass. Rules are applied with the enable command:
...
```
esr(config)# security ips policy OFFICE
esr(config-ips-policy)# description "My Policy"
esr(config-ips-policy)# protect network-group LAN
```
...
```
esr(config-ips-category-rule)# source-port any
```
...
HTTP usually uses TCP destination port 80, but Internet sites can also work on non-standard ports, so we specify any:
...