Firewall - Default Policy

Firewall Policies Overview

Firewall rules are grouped based on the direction of travel of packets to which they apply:

  • LAN to LAN/Router
  • WAN to LAN
  • DMZ to LAN
  • LAN to WAN
  • WAN to WAN/Router
  • DMZ to WAN
  • LAN to DMZ
  • WAN to DMZ
  • DMZ to DMZ/Router

By default, the Prestige’s stateful packet inspection allows packets traveling in the following directions:

  • LAN to LAN/Router (This allows computers on the LAN to manage the Prestige and communicate between networks or subnets connected to the LAN interface.)
  • LAN to WAN
  • LAN to DMZ
  • WAN to DMZ
  • DMZ to WAN

The default rule for LAN to WAN traffic is that all users on the LAN are allowed non-restricted access to the WAN. When you configure a LAN to WAN rule, you in essence want to limit some or all users from accessing certain services on the WAN.

By default, the Prestige’s stateful packet inspection blocks packets traveling in the following directions:

  • WAN to LAN
  • WAN to WAN/Router (This prevents computers on the WAN from using the Prestige as a gateway to communicate with other computers on the WAN and/or managing the Prestige.)
  • DMZ to LAN
  • DMZ to DMZ/Router (This prevents computers on the DMZ from communicating between networks or subnets connected to the DMZ interface and/or managing the Prestige.)

The default rule for WAN to LAN traffic blocks all incoming connections (WAN to LAN). If you wish to allow certain WAN users to have access to your LAN, you will need to create custom rules to allow it.

Connection Directions

LAN to LAN/Router, WAN to WAN/Router, and DMZ to DMZ/Router rules apply to packets coming in on the associated interface (LAN, WAN, or DMZ respectively). LAN to LAN/Router covers both the LAN-to-Prestige policies (the policies for managing the Prestige through the LAN interface) and the LAN-to-LAN policies (the policies that control routing between two subnets on the LAN). WAN to WAN/Router and DMZ to DMZ/Router policies apply in the same way to the WAN and DMZ ports.

Label: Description

  • Enable Firewall: Select this check box to activate the firewall. The Prestige performs access control and protects against Denial of Service (DoS) attacks when the firewall is activated.
  • Allow Asymmetrical Route: Select this check box to have the Prestige firewall permit the use of triangle route topology on the network. See the appendix of the User's Guide for more on triangle route topology.
  • Packet Direction: Firewall rules are grouped based on the direction of travel of packets to which they apply. For example, LAN to LAN/Prestige means packets traveling from a computer/subnet on the LAN to either another computer/subnet on the LAN interface of the Prestige or the Prestige itself. Use the drop-down list box to select the traffic direction to which you want to apply this firewall rule.
  • Default Action: Use the radio buttons to select whether to Block (silently discard) or Forward (allow the passage of) packets that are traveling in the selected direction.
  • Log: Select the check box to create a log (when the above action is taken) for packets that are traveling in the selected direction and do not match any of the rules below.
  • Back: Click Back to return to the Firewall Functions screen.
  • Apply: Click Apply to save your changes to the Prestige.
  • Cancel: Click Cancel to begin configuring this screen afresh.
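
The Python sketch below is an added example, not part of the original help text or the Prestige firmware. It models how a packet is assigned to a direction group and falls through to that group's Default Action and Log setting when no custom rule matches, and it flags directions whose default has been loosened from the defaults listed above. The rule format, port-only matching, first-match ordering, and all sample rules and names are assumptions made for illustration.

```python
# Added example: model of the per-direction default policy described on this page.
# Rule format, port-only matching and first-match order are assumptions.

# Default actions as listed on this page, keyed by (from_zone, to_zone).
# (X, X) stands for the "X to X/Router" group.
PAGE_DEFAULTS = {
    ("LAN", "LAN"): "Forward", ("LAN", "WAN"): "Forward", ("LAN", "DMZ"): "Forward",
    ("WAN", "DMZ"): "Forward", ("DMZ", "WAN"): "Forward",
    ("WAN", "LAN"): "Block", ("WAN", "WAN"): "Block",
    ("DMZ", "LAN"): "Block", ("DMZ", "DMZ"): "Block",
}

# Constructed sample rules: block SMTP outbound, allow HTTPS inbound to the LAN.
SAMPLE_RULES = {
    ("LAN", "WAN"): [{"port": 25, "action": "Block"}],
    ("WAN", "LAN"): [{"port": 443, "action": "Forward"}],
}
SAMPLE_LOG = {("WAN", "LAN")}  # directions with the Log check box selected (constructed)


def direction(in_zone, dst):
    """Packets addressed to the device itself fall in the '<zone> to <zone>/Router' group."""
    return (in_zone, in_zone if dst == "Router" else dst)


def decide(packet, rules, defaults, log_dirs=frozenset()):
    """Return (action, logged_by_default_policy) for one packet."""
    d = direction(packet["in"], packet["dst"])
    for rule in rules.get(d, []):
        if rule["port"] == packet["port"]:
            return rule["action"], False  # a custom rule matched; default not used
    # No rule matched: the direction's default action applies, and the Log
    # setting covers exactly these unmatched packets.
    return defaults[d], d in log_dirs


def loosened(defaults):
    """Directions this page lists as blocked by default but configured as Forward."""
    return sorted(d for d, action in defaults.items()
                  if action == "Forward" and PAGE_DEFAULTS[d] == "Block")


if __name__ == "__main__":
    for pkt in ({"in": "WAN", "dst": "LAN", "port": 22},
                {"in": "WAN", "dst": "LAN", "port": 443},
                {"in": "WAN", "dst": "Router", "port": 80},
                {"in": "LAN", "dst": "WAN", "port": 25}):
        print(pkt, "->", decide(pkt, SAMPLE_RULES, PAGE_DEFAULTS, SAMPLE_LOG))
    audited = {**PAGE_DEFAULTS, ("DMZ", "LAN"): "Forward"}  # constructed config
    print("loosened directions:", loosened(audited))
```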